Vulnerabilites related to microsoft - ie
CVE-2002-2435 (GCVE-0-2002-2435)
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2024-08-08 04:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:06:54.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "name": "ms-ie-css-info-disc(71817)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "name": "ms-ie-css-info-disc(71817)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://w2spconf.com/2010/papers/p26.pdf", "refsource": "MISC", "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "name": "ms-ie-css-info-disc(71817)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777", "refsource": "MISC", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2435", "datePublished": "2011-12-07T19:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-08T04:06:54.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4219 (GCVE-0-2006-4219)
Vulnerability from cvelistv5
Published
2006-08-18 19:00
Modified
2024-08-07 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:46.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1403", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1403" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14" }, { "name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded" }, { "name": "19570", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19570" }, { "name": "ie-tsuserex-dos(28444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1403", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1403" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14" }, { "name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded" }, { "name": "19570", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19570" }, { "name": "ie-tsuserex-dos(28444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1403", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1403" }, { "name": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14" }, { "name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded" }, { "name": "19570", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19570" }, { "name": "ie-tsuserex-dos(28444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4219", "datePublished": "2006-08-18T19:00:00", "dateReserved": "2006-08-18T00:00:00", "dateUpdated": "2024-08-07T18:57:46.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0943 (GCVE-0-2007-0943)
Vulnerability from cvelistv5
Published
2007-08-14 21:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS07-045", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" }, { "name": "TA07-226A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" }, { "name": "oval:org.mitre.oval:def:1673", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673" }, { "name": "ADV-2007-2869", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2869" }, { "name": "26419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26419" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nsfocus.com/english/homepage/research/0701.htm" }, { "name": "36397", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/36397" }, { "name": "25288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25288" }, { "name": "1018562", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018562" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "MS07-045", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" }, { "name": "TA07-226A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" }, { "name": "oval:org.mitre.oval:def:1673", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673" }, { "name": "ADV-2007-2869", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2869" }, { "name": "26419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26419" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nsfocus.com/english/homepage/research/0701.htm" }, { "name": "36397", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/36397" }, { "name": "25288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25288" }, { "name": "1018562", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018562" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS07-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" }, { "name": "TA07-226A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" }, { "name": "oval:org.mitre.oval:def:1673", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673" }, { "name": "ADV-2007-2869", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2869" }, { "name": "26419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26419" }, { "name": "http://www.nsfocus.com/english/homepage/research/0701.htm", "refsource": "MISC", "url": "http://www.nsfocus.com/english/homepage/research/0701.htm" }, { "name": "36397", "refsource": "OSVDB", "url": "http://www.osvdb.org/36397" }, { "name": "25288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25288" }, { "name": "1018562", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018562" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0943", "datePublished": "2007-08-14T21:00:00", "dateReserved": "2007-02-14T00:00:00", "dateUpdated": "2024-08-07T12:34:21.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1991 (GCVE-0-2010-1991)
Vulnerability from cvelistv5
Published
2010-05-20 17:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:17:13.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4206/" }, { "name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4206/" }, { "name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://websecurity.com.ua/4206/", "refsource": "MISC", "url": "http://websecurity.com.ua/4206/" }, { "name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1991", "datePublished": "2010-05-20T17:00:00", "dateReserved": "2010-05-20T00:00:00", "dateUpdated": "2024-08-07T02:17:13.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2118 (GCVE-0-2010-2118)
Vulnerability from cvelistv5
Published
2010-06-01 20:00
Modified
2024-08-07 02:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:06.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4238/" }, { "name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4238/" }, { "name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://websecurity.com.ua/4238/", "refsource": "MISC", "url": "http://websecurity.com.ua/4238/" }, { "name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2118", "datePublished": "2010-06-01T20:00:00", "dateReserved": "2010-06-01T00:00:00", "dateUpdated": "2024-08-07T02:25:06.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4848 (GCVE-0-2007-4848)
Vulnerability from cvelistv5
Published
2007-09-12 20:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37638", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37638" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37638", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37638" }, { "tags": [ "x_refsource_MISC" ], "url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37638", "refsource": "OSVDB", "url": "http://osvdb.org/37638" }, { "name": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/", "refsource": "MISC", "url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4848", "datePublished": "2007-09-12T20:00:00", "dateReserved": "2007-09-12T00:00:00", "dateUpdated": "2024-08-07T15:08:33.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0838 (GCVE-0-2003-0838)
Vulnerability from cvelistv5
Published
2003-10-07 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-popup-code-execution(13314)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2" }, { "name": "7872", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7872" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html" }, { "name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2" }, { "name": "8556", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8556" }, { "name": "MS03-040", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "20031001 DNS/Hosts file issues", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169" }, { "name": "oval:org.mitre.oval:def:204", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-popup-code-execution(13314)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2" }, { "name": "7872", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7872" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html" }, { "name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2" }, { "name": "8556", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8556" }, { "name": "MS03-040", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "20031001 DNS/Hosts file issues", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169" }, { "name": "oval:org.mitre.oval:def:204", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-popup-code-execution(13314)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2" }, { "name": "7872", "refsource": "OSVDB", "url": "http://www.osvdb.org/7872" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2" }, { "name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html" }, { "name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2" }, { "name": "8556", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8556" }, { "name": "MS03-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "20031001 DNS/Hosts file issues", "refsource": "NTBUGTRAQ", "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169" }, { "name": "oval:org.mitre.oval:def:204", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204" }, { "name": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html", "refsource": "MISC", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0838", "datePublished": "2003-10-07T04:00:00", "dateReserved": "2003-10-02T00:00:00", "dateUpdated": "2024-08-08T02:05:12.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4446 (GCVE-0-2006-4446)
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:46.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21910" }, { "name": "1468", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1468" }, { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" }, { "name": "ie-daxctle-dos(28608)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" }, { "name": "28841", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28841" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19" }, { "name": "oval:org.mitre.oval:def:437", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "1016764", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016764" }, { "name": "19738", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19738" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21910" }, { "name": "1468", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1468" }, { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" }, { "name": "ie-daxctle-dos(28608)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" }, { "name": "28841", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28841" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19" }, { "name": "oval:org.mitre.oval:def:437", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "1016764", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016764" }, { "name": "19738", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19738" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21910" }, { "name": "1468", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1468" }, { "name": "TA06-318A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" }, { "name": "ie-daxctle-dos(28608)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" }, { "name": "28841", "refsource": "OSVDB", "url": "http://www.osvdb.org/28841" }, { "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19" }, { "name": "oval:org.mitre.oval:def:437", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" }, { "name": "MS06-067", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "1016764", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016764" }, { "name": "19738", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19738" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4446", "datePublished": "2006-08-30T01:00:00", "dateReserved": "2006-08-29T00:00:00", "dateUpdated": "2024-08-07T19:14:46.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3550 (GCVE-0-2007-3550)
Vulnerability from cvelistv5
Published
2007-07-03 21:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45814", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45814" }, { "name": "ie-zone-dos(35455)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" }, { "name": "20071222 Bid 24744 ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "name": "24744", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24744" }, { "name": "2855", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2855" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "name": "20070712 Bogus BID 24744", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/473662" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45814", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45814" }, { "name": "ie-zone-dos(35455)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" }, { "name": "20071222 Bid 24744 ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "name": "24744", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24744" }, { "name": "2855", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2855" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "name": "20070712 Bogus BID 24744", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/473662" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45814", "refsource": "OSVDB", "url": "http://osvdb.org/45814" }, { "name": "ie-zone-dos(35455)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" }, { "name": "20071222 Bid 24744 ?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "name": "24744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24744" }, { "name": "2855", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2855" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "name": "20070712 Bogus BID 24744", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473662" }, { "name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "name": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf", "refsource": "MISC", "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3550", "datePublished": "2007-07-03T21:00:00", "dateReserved": "2007-07-03T00:00:00", "dateUpdated": "2024-08-07T14:21:36.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1027 (GCVE-0-2003-1027)
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:527", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527" }, { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "oval:org.mitre.oval:def:629", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629" }, { "name": "oval:org.mitre.oval:def:531", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2" }, { "name": "oval:org.mitre.oval:def:530", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "TA04-033A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "MS04-004", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:532", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532" }, { "name": "oval:org.mitre.oval:def:534", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534" }, { "name": "20031125 HijackClickV2 - a successor of HijackClick attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2" }, { "name": "ie-method-perform-actions(13844)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844" }, { "name": "oval:org.mitre.oval:def:529", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529" }, { "name": "1006036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1006036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:527", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527" }, { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "oval:org.mitre.oval:def:629", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629" }, { "name": "oval:org.mitre.oval:def:531", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2" }, { "name": "oval:org.mitre.oval:def:530", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "TA04-033A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "MS04-004", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:532", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532" }, { "name": "oval:org.mitre.oval:def:534", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534" }, { "name": "20031125 HijackClickV2 - a successor of HijackClick attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2" }, { "name": "ie-method-perform-actions(13844)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844" }, { "name": "oval:org.mitre.oval:def:529", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529" }, { "name": "1006036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1006036" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:527", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527" }, { "name": "VU#413886", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "oval:org.mitre.oval:def:629", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629" }, { "name": "oval:org.mitre.oval:def:531", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2" }, { "name": "oval:org.mitre.oval:def:530", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "TA04-033A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "MS04-004", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:532", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532" }, { "name": "oval:org.mitre.oval:def:534", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534" }, { "name": "20031125 HijackClickV2 - a successor of HijackClick attack", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2" }, { "name": "ie-method-perform-actions(13844)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844" }, { "name": "oval:org.mitre.oval:def:529", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529" }, { "name": "1006036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006036" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1027", "datePublished": "2004-01-08T05:00:00", "dateReserved": "2004-01-07T00:00:00", "dateUpdated": "2024-08-08T02:12:35.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0827 (GCVE-0-1999-0827)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:48:38.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T08:02:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0827", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-12-07T00:00:00", "dateUpdated": "2024-08-01T16:48:38.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2087 (GCVE-0-2005-2087)
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050629 SEC-CONSULT SA-20050629-0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1326", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "TA05-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html" }, { "name": "oval:org.mitre.oval:def:793", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793" }, { "name": "VU#939605", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/939605" }, { "name": "1014329", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014329" }, { "name": "oval:org.mitre.oval:def:1506", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506" }, { "name": "14087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14087" }, { "name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/404055" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/advisory/903144.mspx" }, { "name": "ie-javaprxydll-execute-code(21193)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193" }, { "name": "15891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15891" }, { "name": "MS05-037", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037" }, { "name": "17680", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/17680" }, { "name": "ESB-2005.0489", "tags": [ "third-party-advisory", "x_refsource_AUSCERT", "x_transferred" ], "url": "http://www.auscert.org.au/render.html?it=5225" }, { "name": "ADV-2005-0935", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/0935" }, { "name": "oval:org.mitre.oval:def:1518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050629 SEC-CONSULT SA-20050629-0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1326", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "TA05-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html" }, { "name": "oval:org.mitre.oval:def:793", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793" }, { "name": "VU#939605", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/939605" }, { "name": "1014329", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014329" }, { "name": "oval:org.mitre.oval:def:1506", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506" }, { "name": "14087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14087" }, { "name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/404055" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.microsoft.com/technet/security/advisory/903144.mspx" }, { "name": "ie-javaprxydll-execute-code(21193)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193" }, { "name": "15891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15891" }, { "name": "MS05-037", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037" }, { "name": "17680", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/17680" }, { "name": "ESB-2005.0489", "tags": [ "third-party-advisory", "x_refsource_AUSCERT" ], "url": "http://www.auscert.org.au/render.html?it=5225" }, { "name": "ADV-2005-0935", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/0935" }, { "name": "oval:org.mitre.oval:def:1518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050629 SEC-CONSULT SA-20050629-0", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1326", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326" }, { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "TA05-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html" }, { "name": "oval:org.mitre.oval:def:793", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793" }, { "name": "VU#939605", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/939605" }, { "name": "1014329", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014329" }, { "name": "oval:org.mitre.oval:def:1506", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506" }, { "name": "14087", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14087" }, { "name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/404055" }, { "name": "http://www.microsoft.com/technet/security/advisory/903144.mspx", "refsource": "MISC", "url": "http://www.microsoft.com/technet/security/advisory/903144.mspx" }, { "name": "ie-javaprxydll-execute-code(21193)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193" }, { "name": "15891", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15891" }, { "name": "MS05-037", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037" }, { "name": "17680", "refsource": "OSVDB", "url": "http://www.osvdb.org/17680" }, { "name": "ESB-2005.0489", "refsource": "AUSCERT", "url": "http://www.auscert.org.au/render.html?it=5225" }, { "name": "ADV-2005-0935", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/0935" }, { "name": "oval:org.mitre.oval:def:1518", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2087", "datePublished": "2005-06-30T04:00:00", "dateReserved": "2005-06-30T00:00:00", "dateUpdated": "2024-08-07T22:15:37.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1484 (GCVE-0-2003-1484)
Vulnerability from cvelistv5
Published
2007-10-24 23:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-anchorclick-dos(11946)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946" }, { "name": "20030505 Crash in Internet Explorer 6.0 Sp1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/320544" }, { "name": "7502", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7502" }, { "name": "3292", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3292" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-anchorclick-dos(11946)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946" }, { "name": "20030505 Crash in Internet Explorer 6.0 Sp1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/320544" }, { "name": "7502", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7502" }, { "name": "3292", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3292" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-anchorclick-dos(11946)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946" }, { "name": "20030505 Crash in Internet Explorer 6.0 Sp1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/320544" }, { "name": "7502", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7502" }, { "name": "3292", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3292" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1484", "datePublished": "2007-10-24T23:00:00", "dateReserved": "2007-10-24T00:00:00", "dateUpdated": "2024-08-08T02:28:03.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4697 (GCVE-0-2006-4697)
Vulnerability from cvelistv5
Published
2007-02-13 22:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:40.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#753924", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/753924" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24156" }, { "name": "oval:org.mitre.oval:def:1120", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "31891", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31891" }, { "name": "22486", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "VU#753924", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/753924" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24156" }, { "name": "oval:org.mitre.oval:def:1120", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "31891", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31891" }, { "name": "22486", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-4697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#753924", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/753924" }, { "name": "TA07-044A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24156" }, { "name": "oval:org.mitre.oval:def:1120", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120" }, { "name": "MS07-016", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "31891", "refsource": "OSVDB", "url": "http://www.osvdb.org/31891" }, { "name": "22486", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22486" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-4697", "datePublished": "2007-02-13T22:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2024-08-07T19:23:40.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0329 (GCVE-0-2000-0329)
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:14:21.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS99-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS99-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS99-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0329", "datePublished": "2000-06-02T04:00:00", "dateReserved": "2000-05-11T00:00:00", "dateUpdated": "2024-08-08T05:14:21.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4193 (GCVE-0-2006-4193)
Vulnerability from cvelistv5
Published
2006-08-17 01:00
Modified
2024-08-07 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:46.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-msoe-dos(28439)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439" }, { "name": "29347", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29347" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8" }, { "name": "29345", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29345" }, { "name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded" }, { "name": "1402", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1402" }, { "name": "19530", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19530" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10" }, { "name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded" }, { "name": "19521", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19521" }, { "name": "ie-imskdic-dos(28436)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436" }, { "name": "19529", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19529" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9" }, { "name": "29346", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29346" }, { "name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded" }, { "name": "ie-chtskdic-dos(28438)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-msoe-dos(28439)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439" }, { "name": "29347", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29347" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8" }, { "name": "29345", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29345" }, { "name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded" }, { "name": "1402", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1402" }, { "name": "19530", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19530" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10" }, { "name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded" }, { "name": "19521", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19521" }, { "name": "ie-imskdic-dos(28436)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436" }, { "name": "19529", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19529" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9" }, { "name": "29346", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29346" }, { "name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded" }, { "name": "ie-chtskdic-dos(28438)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-msoe-dos(28439)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439" }, { "name": "29347", "refsource": "OSVDB", "url": "http://www.osvdb.org/29347" }, { "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8" }, { "name": "29345", "refsource": "OSVDB", "url": "http://www.osvdb.org/29345" }, { "name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded" }, { "name": "1402", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1402" }, { "name": "19530", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19530" }, { "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10" }, { "name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded" }, { "name": "19521", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19521" }, { "name": "ie-imskdic-dos(28436)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436" }, { "name": "19529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19529" }, { "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9" }, { "name": "29346", "refsource": "OSVDB", "url": "http://www.osvdb.org/29346" }, { "name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded" }, { "name": "ie-chtskdic-dos(28438)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4193", "datePublished": "2006-08-17T01:00:00", "dateReserved": "2006-08-16T00:00:00", "dateUpdated": "2024-08-07T18:57:46.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1988 (GCVE-0-2005-1988)
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "VU#965206", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/965206" }, { "name": "oval:org.mitre.oval:def:1335", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335" }, { "name": "TA05-221A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:390", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390" }, { "name": "oval:org.mitre.oval:def:1140", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140" }, { "name": "oval:org.mitre.oval:def:1216", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "VU#965206", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/965206" }, { "name": "oval:org.mitre.oval:def:1335", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335" }, { "name": "TA05-221A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:390", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390" }, { "name": "oval:org.mitre.oval:def:1140", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140" }, { "name": "oval:org.mitre.oval:def:1216", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-1988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16373", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16373/" }, { "name": "VU#965206", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/965206" }, { "name": "oval:org.mitre.oval:def:1335", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335" }, { "name": "TA05-221A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "MS05-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:390", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390" }, { "name": "oval:org.mitre.oval:def:1140", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140" }, { "name": "oval:org.mitre.oval:def:1216", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216" }, { "name": "ADV-2005-1353", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1353" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-1988", "datePublished": "2005-08-10T04:00:00", "dateReserved": "2005-06-17T00:00:00", "dateUpdated": "2024-08-07T22:06:57.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1245 (GCVE-0-2006-1245)
Vulnerability from cvelistv5
Published
2006-03-17 01:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1015794", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015794" }, { "name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1569", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "name": "19269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19269" }, { "name": "oval:org.mitre.oval:def:1451", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1632", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "name": "ie-mshtml-bo(25292)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "name": "17131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17131" }, { "name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "name": "oval:org.mitre.oval:def:1599", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "name": "VU#984473", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1766", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "23964", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1015794", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015794" }, { "name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1569", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "name": "19269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19269" }, { "name": "oval:org.mitre.oval:def:1451", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1632", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "name": "ie-mshtml-bo(25292)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "name": "17131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17131" }, { "name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "name": "oval:org.mitre.oval:def:1599", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "name": "VU#984473", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1766", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "23964", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1015794", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015794" }, { "name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1569", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "name": "19269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19269" }, { "name": "oval:org.mitre.oval:def:1451", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1632", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "name": "ie-mshtml-bo(25292)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "name": "17131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17131" }, { "name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "name": "oval:org.mitre.oval:def:1599", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "name": "VU#984473", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/984473" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1766", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "23964", "refsource": "OSVDB", "url": "http://www.osvdb.org/23964" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1245", "datePublished": "2006-03-17T01:00:00", "dateReserved": "2006-03-17T00:00:00", "dateUpdated": "2024-08-07T17:03:28.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1489 (GCVE-0-2001-1489)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "win-browser-image-dos(7709)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" }, { "name": "20011211 Browsers fails on big image count", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/245152" }, { "name": "3684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3684" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "win-browser-image-dos(7709)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" }, { "name": "20011211 Browsers fails on big image count", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/245152" }, { "name": "3684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3684" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "win-browser-image-dos(7709)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" }, { "name": "20011211 Browsers fails on big image count", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/245152" }, { "name": "3684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3684" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1489", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0116 (GCVE-0-2003-0116)
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20021203 Poisonous Style for Dialog window turns the zone off.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/301945" }, { "name": "VU#244729", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/244729" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "6306", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20021203 Poisonous Style for Dialog window turns the zone off.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/301945" }, { "name": "VU#244729", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/244729" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "6306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20021203 Poisonous Style for Dialog window turns the zone off.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/301945" }, { "name": "VU#244729", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/244729" }, { "name": "MS03-015", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "6306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6306" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0116", "datePublished": "2003-04-26T04:00:00", "dateReserved": "2003-02-26T00:00:00", "dateUpdated": "2024-08-08T01:43:35.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3450 (GCVE-0-2006-3450)
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:33.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:433", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27855", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27855" }, { "name": "VU#119180", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/119180" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded" }, { "name": "19312", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19312" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:433", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27855", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27855" }, { "name": "VU#119180", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/119180" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded" }, { "name": "19312", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19312" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:433", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433" }, { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27855", "refsource": "OSVDB", "url": "http://www.osvdb.org/27855" }, { "name": "VU#119180", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/119180" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded" }, { "name": "19312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19312" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3450", "datePublished": "2006-08-08T23:00:00", "dateReserved": "2006-07-07T00:00:00", "dateUpdated": "2024-08-07T18:30:33.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3643 (GCVE-0-2006-3643)
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016655", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016655" }, { "name": "win-mmc-resource-xss(28005)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" }, { "name": "ADV-2006-3213", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3213" }, { "name": "19417", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19417" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "oval:org.mitre.oval:def:638", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" }, { "name": "VU#927548", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/927548" }, { "name": "21401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21401" }, { "name": "MS06-044", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1016655", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016655" }, { "name": "win-mmc-resource-xss(28005)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" }, { "name": "ADV-2006-3213", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3213" }, { "name": "19417", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19417" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "oval:org.mitre.oval:def:638", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" }, { "name": "VU#927548", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/927548" }, { "name": "21401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21401" }, { "name": "MS06-044", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3643", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1016655", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016655" }, { "name": "win-mmc-resource-xss(28005)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" }, { "name": "ADV-2006-3213", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3213" }, { "name": "19417", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19417" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "oval:org.mitre.oval:def:638", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" }, { "name": "VU#927548", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/927548" }, { "name": "21401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21401" }, { "name": "MS06-044", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3643", "datePublished": "2006-08-09T00:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0219 (GCVE-0-2007-0219)
Vulnerability from cvelistv5
Published
2007-02-13 23:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:17.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-com-activex-code-execution(32427)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427" }, { "name": "1017643", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017643" }, { "name": "31894", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31894" }, { "name": "VU#771788", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/771788" }, { "name": "oval:org.mitre.oval:def:257", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257" }, { "name": "31895", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31895" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "31893", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31893" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "22504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22504" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ie-com-activex-code-execution(32427)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427" }, { "name": "1017643", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017643" }, { "name": "31894", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31894" }, { "name": "VU#771788", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/771788" }, { "name": "oval:org.mitre.oval:def:257", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257" }, { "name": "31895", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31895" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "31893", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31893" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "22504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22504" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-com-activex-code-execution(32427)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427" }, { "name": "1017643", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017643" }, { "name": "31894", "refsource": "OSVDB", "url": "http://www.osvdb.org/31894" }, { "name": "VU#771788", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/771788" }, { "name": "oval:org.mitre.oval:def:257", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257" }, { "name": "31895", "refsource": "OSVDB", "url": "http://www.osvdb.org/31895" }, { "name": "TA07-044A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "ADV-2007-0584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "31893", "refsource": "OSVDB", "url": "http://www.osvdb.org/31893" }, { "name": "24156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "22504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22504" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0219", "datePublished": "2007-02-13T23:00:00", "dateReserved": "2007-01-12T00:00:00", "dateUpdated": "2024-08-07T12:12:17.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2829 (GCVE-0-2005-2829)
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18064" }, { "name": "oval:org.mitre.oval:def:1340", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340" }, { "name": "oval:org.mitre.oval:def:1458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458" }, { "name": "oval:org.mitre.oval:def:1209", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209" }, { "name": "15823", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15823" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1507", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507" }, { "name": "1015349", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015349" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18311" }, { "name": "oval:org.mitre.oval:def:1490", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "ie-dialog-box-code-execution(23448)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448" }, { "name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-21/advisory" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "name": "oval:org.mitre.oval:def:1505", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505" }, { "name": "254", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/254" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18064" }, { "name": "oval:org.mitre.oval:def:1340", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340" }, { "name": "oval:org.mitre.oval:def:1458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458" }, { "name": "oval:org.mitre.oval:def:1209", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209" }, { "name": "15823", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15823" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1507", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507" }, { "name": "1015349", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015349" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18311" }, { "name": "oval:org.mitre.oval:def:1490", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "ie-dialog-box-code-execution(23448)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448" }, { "name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-21/advisory" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "name": "oval:org.mitre.oval:def:1505", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505" }, { "name": "254", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/254" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18064" }, { "name": "oval:org.mitre.oval:def:1340", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340" }, { "name": "oval:org.mitre.oval:def:1458", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458" }, { "name": "oval:org.mitre.oval:def:1209", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209" }, { "name": "15823", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15823" }, { "name": "MS05-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "http://secunia.com/secunia_research/2005-7/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1507", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507" }, { "name": "1015349", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015349" }, { "name": "18311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18311" }, { "name": "oval:org.mitre.oval:def:1490", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490" }, { "name": "ADV-2005-2867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "ie-dialog-box-code-execution(23448)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448" }, { "name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2" }, { "name": "http://secunia.com/secunia_research/2005-21/advisory", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-21/advisory" }, { "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420", "refsource": "MISC", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "name": "oval:org.mitre.oval:def:1505", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505" }, { "name": "254", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/254" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2829", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-09-07T00:00:00", "dateUpdated": "2024-08-07T22:45:02.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4888 (GCVE-0-2006-4888)
Vulnerability from cvelistv5
Published
2006-09-19 21:00
Modified
2024-09-16 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:32:22.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28614", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28614" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/" }, { "name": "20060713 IE \u003c= 6 DoS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-09-19T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28614", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28614" }, { "tags": [ "x_refsource_MISC" ], "url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/" }, { "name": "20060713 IE \u003c= 6 DoS vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28614", "refsource": "OSVDB", "url": "http://www.osvdb.org/28614" }, { "name": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/", "refsource": "MISC", "url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/" }, { "name": "20060713 IE \u003c= 6 DoS vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4888", "datePublished": "2006-09-19T21:00:00Z", "dateReserved": "2006-09-19T00:00:00Z", "dateUpdated": "2024-09-16T23:15:40.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1186 (GCVE-0-2002-1186)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:27.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "5610", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5610" }, { "name": "20020903 MSIEv6 % encoding causes a problem again", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" }, { "name": "ie-sameoriginpolicy-bypass(10039)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10039.php" }, { "name": "7845", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7845" }, { "name": "oval:org.mitre.oval:def:495", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" }, { "name": "20020904 Re: MSIEv6 % encoding causes a problem again", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" }, { "name": "oval:org.mitre.oval:def:471", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" }, { "name": "oval:org.mitre.oval:def:143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "5610", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5610" }, { "name": "20020903 MSIEv6 % encoding causes a problem again", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" }, { "name": "ie-sameoriginpolicy-bypass(10039)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10039.php" }, { "name": "7845", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7845" }, { "name": "oval:org.mitre.oval:def:495", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" }, { "name": "20020904 Re: MSIEv6 % encoding causes a problem again", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" }, { "name": "oval:org.mitre.oval:def:471", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" }, { "name": "oval:org.mitre.oval:def:143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS02-066", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "5610", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5610" }, { "name": "20020903 MSIEv6 % encoding causes a problem again", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" }, { "name": "ie-sameoriginpolicy-bypass(10039)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10039.php" }, { "name": "7845", "refsource": "OSVDB", "url": "http://www.osvdb.org/7845" }, { "name": "oval:org.mitre.oval:def:495", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" }, { "name": "20020904 Re: MSIEv6 % encoding causes a problem again", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" }, { "name": "oval:org.mitre.oval:def:471", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" }, { "name": "oval:org.mitre.oval:def:143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1186", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-10-04T00:00:00", "dateUpdated": "2024-08-08T03:19:27.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3638 (GCVE-0-2006-3638)
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27852", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27852" }, { "name": "oval:org.mitre.oval:def:719", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719" }, { "name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html" }, { "name": "19340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19340" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27852", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27852" }, { "name": "oval:org.mitre.oval:def:719", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719" }, { "name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html" }, { "name": "19340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19340" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3638", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "27852", "refsource": "OSVDB", "url": "http://www.osvdb.org/27852" }, { "name": "oval:org.mitre.oval:def:719", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719" }, { "name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html", "refsource": "MISC", "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html" }, { "name": "19340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19340" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3638", "datePublished": "2006-08-08T23:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1155 (GCVE-0-2004-1155)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:00.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11855", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11855" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "22628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22628" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "13251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13251/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2004-13/advisory/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11855", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11855" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "22628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22628" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "13251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13251/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2004-13/advisory/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11855", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11855" }, { "name": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", "refsource": "MISC", "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "22628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22628" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "13251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13251/" }, { "name": "http://secunia.com/secunia_research/2004-13/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2004-13/advisory/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1155", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-08T00:00:00", "dateUpdated": "2024-08-08T00:39:00.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0212 (GCVE-0-2004-0212)
Vulnerability from cvelistv5
Published
2004-07-14 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040714 Unchecked buffer in mstask.dll", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "name": "win-taskscheduler-bo(16591)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:3428", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" }, { "name": "oval:org.mitre.oval:def:1344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1964", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "name": "oval:org.mitre.oval:def:1781", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "name": "VU#228028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "name": "MS04-022", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "name": "12060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040714 Unchecked buffer in mstask.dll", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "name": "win-taskscheduler-bo(16591)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:3428", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" }, { "name": "oval:org.mitre.oval:def:1344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1964", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "name": "oval:org.mitre.oval:def:1781", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "name": "VU#228028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "name": "MS04-022", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "name": "12060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040714 Unchecked buffer in mstask.dll", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "name": "win-taskscheduler-bo(16591)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "name": "http://www.ngssoftware.com/advisories/mstaskjob.txt", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "name": "TA04-196A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:3428", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" }, { "name": "oval:org.mitre.oval:def:1344", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "name": "oval:org.mitre.oval:def:1964", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "name": "oval:org.mitre.oval:def:1781", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "name": "VU#228028", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/228028" }, { "name": "MS04-022", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "name": "12060", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12060" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0212", "datePublished": "2004-07-14T04:00:00", "dateReserved": "2004-03-11T00:00:00", "dateUpdated": "2024-08-08T00:10:03.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3902 (GCVE-0-2007-3902)
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:05.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26506", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26506" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28036" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html" }, { "name": "oval:org.mitre.oval:def:4582", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582" }, { "name": "ie-uninit-object-code-execution(38713)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "26506", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26506" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28036" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html" }, { "name": "oval:org.mitre.oval:def:4582", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582" }, { "name": "ie-uninit-object-code-execution(38713)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-3902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26506", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26506" }, { "name": "1019078", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631" }, { "name": "SSRT071506", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28036" }, { "name": "MS07-069", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html" }, { "name": "oval:org.mitre.oval:def:4582", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582" }, { "name": "ie-uninit-object-code-execution(38713)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-3902", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-07-19T00:00:00", "dateUpdated": "2024-08-07T14:37:05.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0152 (GCVE-0-2002-0152)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:42:27.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2" }, { "name": "MS02-019", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "5357", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5357" }, { "name": "4517", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4517" }, { "name": "ms-mac-html-file-bo(8850)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8850.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2" }, { "name": "MS02-019", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "5357", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5357" }, { "name": "4517", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4517" }, { "name": "ms-mac-html-file-bo(8850)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8850.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020416 w00w00 on Microsoft IE/Office for Mac OS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2" }, { "name": "MS02-019", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "5357", "refsource": "OSVDB", "url": "http://www.osvdb.org/5357" }, { "name": "4517", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4517" }, { "name": "ms-mac-html-file-bo(8850)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8850.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0152", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-19T00:00:00", "dateUpdated": "2024-08-08T02:42:27.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2383 (GCVE-0-2004-2383)
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9761", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9761" }, { "name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false" }, { "name": "ie-frame-domain-bypass(15337)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9761", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9761" }, { "name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false" }, { "name": "ie-frame-domain-bypass(15337)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9761", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9761" }, { "name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false" }, { "name": "ie-frame-domain-bypass(15337)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2383", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3240 (GCVE-0-2005-3240)
Vulnerability from cvelistv5
Published
2006-02-14 11:00
Modified
2024-08-07 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:01:59.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060213 Internet Explorer drag\u0026drop 0day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" }, { "name": "ADV-2006-0553", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0553" }, { "name": "18787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18787" }, { "name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" }, { "name": "16352", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16352" }, { "name": "ie-dragdrop-variant(24648)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" }, { "name": "1015049", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015049" }, { "name": "2707", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/2707" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060213 Internet Explorer drag\u0026drop 0day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" }, { "name": "ADV-2006-0553", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0553" }, { "name": "18787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18787" }, { "name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" }, { "name": "16352", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16352" }, { "name": "ie-dragdrop-variant(24648)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" }, { "name": "1015049", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015049" }, { "name": "2707", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/2707" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3240", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060213 Internet Explorer drag\u0026drop 0day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" }, { "name": "ADV-2006-0553", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0553" }, { "name": "18787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18787" }, { "name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" }, { "name": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" }, { "name": "16352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16352" }, { "name": "ie-dragdrop-variant(24648)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" }, { "name": "1015049", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015049" }, { "name": "2707", "refsource": "OSVDB", "url": "http://www.osvdb.org/2707" }, { "name": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3240", "datePublished": "2006-02-14T11:00:00", "dateReserved": "2005-10-17T00:00:00", "dateUpdated": "2024-08-07T23:01:59.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0284 (GCVE-0-2004-0284)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9629", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9629" }, { "name": "ie-host-null-dos(15127)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127" }, { "name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9629", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9629" }, { "name": "ie-host-null-dos(15127)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127" }, { "name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9629", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9629" }, { "name": "ie-host-null-dos(15127)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127" }, { "name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0284", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:10:03.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0866 (GCVE-0-2004-0866)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "1011332", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011332" }, { "name": "web-browser-session-hijack(17415)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "name": "11186", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "1011332", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1011332" }, { "name": "web-browser-session-hijack(17415)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "name": "11186", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "1011332", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011332" }, { "name": "web-browser-session-hijack(17415)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "name": "11186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0866", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2004-09-14T00:00:00", "dateUpdated": "2024-08-08T00:31:47.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3639 (GCVE-0-2006-3639)
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "27851", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27851" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#252764", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/252764" }, { "name": "19400", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19400" }, { "name": "oval:org.mitre.oval:def:577", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "27851", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27851" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#252764", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/252764" }, { "name": "19400", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19400" }, { "name": "oval:org.mitre.oval:def:577", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3639", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "27851", "refsource": "OSVDB", "url": "http://www.osvdb.org/27851" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#252764", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/252764" }, { "name": "19400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19400" }, { "name": "oval:org.mitre.oval:def:577", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3639", "datePublished": "2006-08-09T00:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1359 (GCVE-0-2006-1359)
Vulnerability from cvelistv5
Published
2006-03-23 00:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:20.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.computerterrorism.com/research/ct22-03-2006" }, { "name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" }, { "name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" }, { "name": "ADV-2006-1050", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1050" }, { "name": "oval:org.mitre.oval:def:985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" }, { "name": "VU#876678", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/876678" }, { "name": "24050", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24050" }, { "name": "oval:org.mitre.oval:def:1178", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" }, { "name": "20060322 IE crash", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1702", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" }, { "name": "18680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18680" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2006-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1657", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" }, { "name": "ie-createtextrange-command-execution(25379)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" }, { "name": "20060327 Determina Fix for the IE createTextRange() bug", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" }, { "name": "1015812", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015812" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "20060322 IE crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428441" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" }, { "name": "20060322 FW: [Full-disclosure] IE crash", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" }, { "name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" }, { "name": "17196", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17196" }, { "name": "Q-154", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.computerterrorism.com/research/ct22-03-2006" }, { "name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" }, { "name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" }, { "name": "ADV-2006-1050", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1050" }, { "name": "oval:org.mitre.oval:def:985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" }, { "name": "VU#876678", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/876678" }, { "name": "24050", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24050" }, { "name": "oval:org.mitre.oval:def:1178", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" }, { "name": "20060322 IE crash", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1702", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" }, { "name": "18680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18680" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2006-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1657", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" }, { "name": "ie-createtextrange-command-execution(25379)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" }, { "name": "20060327 Determina Fix for the IE createTextRange() bug", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" }, { "name": "1015812", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015812" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "20060322 IE crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428441" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" }, { "name": "20060322 FW: [Full-disclosure] IE crash", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" }, { "name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" }, { "name": "17196", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17196" }, { "name": "Q-154", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.computerterrorism.com/research/ct22-03-2006", "refsource": "MISC", "url": "http://www.computerterrorism.com/research/ct22-03-2006" }, { "name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1678", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" }, { "name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" }, { "name": "ADV-2006-1050", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1050" }, { "name": "oval:org.mitre.oval:def:985", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" }, { "name": "VU#876678", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/876678" }, { "name": "24050", "refsource": "OSVDB", "url": "http://www.osvdb.org/24050" }, { "name": "oval:org.mitre.oval:def:1178", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" }, { "name": "20060322 IE crash", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1702", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" }, { "name": "18680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18680" }, { "name": "http://secunia.com/secunia_research/2006-7/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-7/advisory/" }, { "name": "oval:org.mitre.oval:def:1657", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" }, { "name": "ie-createtextrange-command-execution(25379)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" }, { "name": "20060327 Determina Fix for the IE createTextRange() bug", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" }, { "name": "1015812", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015812" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "20060322 IE crash", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428441" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" }, { "name": "20060322 FW: [Full-disclosure] IE crash", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" }, { "name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded" }, { "name": "http://www.microsoft.com/technet/security/advisory/917077.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" }, { "name": "17196", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17196" }, { "name": "Q-154", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1359", "datePublished": "2006-03-23T00:00:00", "dateReserved": "2006-03-22T00:00:00", "dateUpdated": "2024-08-07T17:12:20.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0526 (GCVE-0-2004-0526)
Vulnerability from cvelistv5
Published
2004-06-08 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:25.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-ahref-url-spoofing(16102)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" }, { "name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2" }, { "name": "10308", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10308" }, { "name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-ahref-url-spoofing(16102)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" }, { "name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2" }, { "name": "10308", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10308" }, { "name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-ahref-url-spoofing(16102)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" }, { "name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2" }, { "name": "10308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10308" }, { "name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html" }, { "name": "http://www.kurczaba.com/securityadvisories/0405132poc.htm", "refsource": "MISC", "url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0526", "datePublished": "2004-06-08T04:00:00", "dateReserved": "2004-06-03T00:00:00", "dateUpdated": "2024-08-08T00:24:25.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3659 (GCVE-0-2006-3659)
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27108", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27108" }, { "name": "19013", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19013" }, { "name": "ie-mhtmlfile-dos(27761)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" }, { "name": "ADV-2006-2831", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27108", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27108" }, { "name": "19013", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19013" }, { "name": "ie-mhtmlfile-dos(27761)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" }, { "name": "ADV-2006-2831", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2831" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3659", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27108", "refsource": "OSVDB", "url": "http://www.osvdb.org/27108" }, { "name": "19013", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19013" }, { "name": "ie-mhtmlfile-dos(27761)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" }, { "name": "ADV-2006-2831", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2831" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3659", "datePublished": "2006-07-17T19:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2057 (GCVE-0-2009-2057)
Vulnerability from cvelistv5
Published
2009-06-15 19:00
Modified
2024-09-17 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:20.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-15T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2057", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", "refsource": "MISC", "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", "refsource": "MISC", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2057", "datePublished": "2009-06-15T19:00:00Z", "dateReserved": "2009-06-15T00:00:00Z", "dateUpdated": "2024-09-17T01:11:07.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0553 (GCVE-0-2005-0553)
Vulnerability from cvelistv5
Published
2005-04-13 04:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:05.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#774338", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/774338" }, { "name": "ie-dhtml-bo(19831)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831" }, { "name": "oval:org.mitre.oval:def:1695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695" }, { "name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities" }, { "name": "14922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14922/" }, { "name": "MS05-020", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" }, { "name": "oval:org.mitre.oval:def:4985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985" }, { "name": "oval:org.mitre.oval:def:4874", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874" }, { "name": "oval:org.mitre.oval:def:3100", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100" }, { "name": "TA05-102A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" }, { "name": "oval:org.mitre.oval:def:3752", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "VU#774338", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/774338" }, { "name": "ie-dhtml-bo(19831)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831" }, { "name": "oval:org.mitre.oval:def:1695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695" }, { "name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities" }, { "name": "14922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14922/" }, { "name": "MS05-020", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" }, { "name": "oval:org.mitre.oval:def:4985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985" }, { "name": "oval:org.mitre.oval:def:4874", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874" }, { "name": "oval:org.mitre.oval:def:3100", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100" }, { "name": "TA05-102A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" }, { "name": "oval:org.mitre.oval:def:3752", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-0553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#774338", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/774338" }, { "name": "ie-dhtml-bo(19831)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831" }, { "name": "oval:org.mitre.oval:def:1695", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695" }, { "name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities" }, { "name": "14922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14922/" }, { "name": "MS05-020", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" }, { "name": "oval:org.mitre.oval:def:4985", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985" }, { "name": "oval:org.mitre.oval:def:4874", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874" }, { "name": "oval:org.mitre.oval:def:3100", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100" }, { "name": "TA05-102A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" }, { "name": "oval:org.mitre.oval:def:3752", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-0553", "datePublished": "2005-04-13T04:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-07T21:21:05.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2090 (GCVE-0-2004-2090)
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-08 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9611", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9611" }, { "name": "20040207 (no subject)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" }, { "name": "ie-error-obtain-information(15078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" }, { "name": "10820", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10820" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9611", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9611" }, { "name": "20040207 (no subject)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" }, { "name": "ie-error-obtain-information(15078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" }, { "name": "10820", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10820" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9611" }, { "name": "20040207 (no subject)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" }, { "name": "ie-error-obtain-information(15078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" }, { "name": "10820", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10820" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2090", "datePublished": "2005-05-19T04:00:00", "dateReserved": "2005-05-19T00:00:00", "dateUpdated": "2024-08-08T01:15:01.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0612 (GCVE-0-2007-0612)
Vulnerability from cvelistv5
Published
2007-01-31 11:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:26:54.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded" }, { "name": "32628", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32628" }, { "name": "ie-activex-bgcolor-dos(31867)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867" }, { "name": "2199", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2199" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html" }, { "name": "22288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22288" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded" }, { "name": "32628", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32628" }, { "name": "ie-activex-bgcolor-dos(31867)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867" }, { "name": "2199", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2199" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html" }, { "name": "22288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22288" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0612", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded" }, { "name": "32628", "refsource": "OSVDB", "url": "http://osvdb.org/32628" }, { "name": "ie-activex-bgcolor-dos(31867)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867" }, { "name": "2199", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2199" }, { "name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html" }, { "name": "22288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22288" }, { "name": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html", "refsource": "MISC", "url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0612", "datePublished": "2007-01-31T11:00:00", "dateReserved": "2007-01-30T00:00:00", "dateUpdated": "2024-08-07T12:26:54.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1989 (GCVE-0-2005-1989)
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:790", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790" }, { "name": "oval:org.mitre.oval:def:888", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888" }, { "name": "oval:org.mitre.oval:def:1319", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319" }, { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:100081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081" }, { "name": "14512", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14512" }, { "name": "oval:org.mitre.oval:def:100082", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:697", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:790", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790" }, { "name": "oval:org.mitre.oval:def:888", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888" }, { "name": "oval:org.mitre.oval:def:1319", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319" }, { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:100081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081" }, { "name": "14512", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14512" }, { "name": "oval:org.mitre.oval:def:100082", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:697", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-1989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:790", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790" }, { "name": "oval:org.mitre.oval:def:888", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888" }, { "name": "oval:org.mitre.oval:def:1319", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319" }, { "name": "16373", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:100081", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081" }, { "name": "14512", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14512" }, { "name": "oval:org.mitre.oval:def:100082", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:697", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697" }, { "name": "ADV-2005-1353", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1353" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-1989", "datePublished": "2005-08-10T04:00:00", "dateReserved": "2005-06-17T00:00:00", "dateUpdated": "2024-08-07T22:06:57.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1990 (GCVE-0-2005-1990)
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:1235", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "14511", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14511" }, { "name": "oval:org.mitre.oval:def:1061", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:1221", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "name": "TA05-221A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "oval:org.mitre.oval:def:100082", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:1337", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" }, { "name": "1014643", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014643" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:1235", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "14511", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14511" }, { "name": "oval:org.mitre.oval:def:1061", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "name": "16373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:1221", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "name": "TA05-221A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "oval:org.mitre.oval:def:100082", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:1337", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" }, { "name": "1014643", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014643" }, { "name": "ADV-2005-1353", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-1990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:1235", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "14511", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14511" }, { "name": "oval:org.mitre.oval:def:1061", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "name": "16373", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16373/" }, { "name": "oval:org.mitre.oval:def:1221", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "name": "TA05-221A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "name": "oval:org.mitre.oval:def:100082", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "name": "MS05-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "name": "oval:org.mitre.oval:def:1337", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" }, { "name": "1014643", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014643" }, { "name": "ADV-2005-1353", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1353" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-1990", "datePublished": "2005-08-10T04:00:00", "dateReserved": "2005-06-17T00:00:00", "dateUpdated": "2024-08-07T22:06:57.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1104 (GCVE-0-2004-1104)
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:00.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11273" }, { "name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/379903" }, { "name": "ie-ahref-status-spoofing(17938)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938" }, { "name": "VU#702086", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/702086" }, { "name": "11565", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11565" }, { "name": "20060218 Re: Internet Explorer Phishing mouseover issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded" }, { "name": "20060223 Re: Internet Explorer Phishing mouseover issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11273" }, { "name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/379903" }, { "name": "ie-ahref-status-spoofing(17938)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938" }, { "name": "VU#702086", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/702086" }, { "name": "11565", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11565" }, { "name": "20060218 Re: Internet Explorer Phishing mouseover issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded" }, { "name": "20060223 Re: Internet Explorer Phishing mouseover issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11273" }, { "name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/379903" }, { "name": "ie-ahref-status-spoofing(17938)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938" }, { "name": "VU#702086", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/702086" }, { "name": "11565", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11565" }, { "name": "20060218 Re: Internet Explorer Phishing mouseover issue", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded" }, { "name": "20060223 Re: Internet Explorer Phishing mouseover issue", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1104", "datePublished": "2004-12-01T05:00:00", "dateReserved": "2004-11-30T00:00:00", "dateUpdated": "2024-08-08T00:39:00.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1791 (GCVE-0-2005-1791)
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:56.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13798", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13798" }, { "name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13798", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13798" }, { "name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13798", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13798" }, { "name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1791", "datePublished": "2005-06-01T04:00:00", "dateReserved": "2005-06-01T00:00:00", "dateUpdated": "2024-08-07T22:06:56.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0768 (GCVE-0-2000-0768)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:28:41.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1564", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1564" }, { "name": "MS00-055", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1564", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1564" }, { "name": "MS00-055", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1564" }, { "name": "MS00-055", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0768", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-09-19T00:00:00", "dateUpdated": "2024-08-08T05:28:41.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0115 (GCVE-0-2003-0115)
Vulnerability from cvelistv5
Published
2003-05-02 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-improper-thirdparty-rendering(11848)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11848.php" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-improper-thirdparty-rendering(11848)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11848.php" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-improper-thirdparty-rendering(11848)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11848.php" }, { "name": "MS03-015", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0115", "datePublished": "2003-05-02T04:00:00", "dateReserved": "2003-02-26T00:00:00", "dateUpdated": "2024-08-08T01:43:35.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0719 (GCVE-0-2004-0719)
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11978" }, { "name": "11966", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11966" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11978" }, { "name": "11966", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11966" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http-frame-spoof(1598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "11978", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11978" }, { "name": "11966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11966" }, { "name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", "refsource": "MISC", "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0719", "datePublished": "2004-07-23T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:24:27.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4269 (GCVE-0-2005-4269)
Vulnerability from cvelistv5
Published
2005-12-15 20:00
Modified
2024-09-16 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:38:51.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "908233", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/kb/908233/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-12-15T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "908233", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/kb/908233/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4269", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "908233", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/908233/" }, { "name": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4269", "datePublished": "2005-12-15T20:00:00Z", "dateReserved": "2005-12-15T00:00:00Z", "dateUpdated": "2024-09-16T17:18:55.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3637 (GCVE-0-2006-3637)
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27853", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27853" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#340060", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/340060" }, { "name": "oval:org.mitre.oval:def:502", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "27853", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27853" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#340060", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/340060" }, { "name": "oval:org.mitre.oval:def:502", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27853", "refsource": "OSVDB", "url": "http://www.osvdb.org/27853" }, { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "VU#340060", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/340060" }, { "name": "oval:org.mitre.oval:def:502", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3637", "datePublished": "2006-08-08T23:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1142 (GCVE-0-2002-1142)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:16.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:2730", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" }, { "name": "20021120 Foundstone Advisory", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" }, { "name": "6214", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6214" }, { "name": "mdac-rds-client-bo(10669)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" }, { "name": "VU#542081", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/542081" }, { "name": "MS02-065", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" }, { "name": "oval:org.mitre.oval:def:3573", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" }, { "name": "CA-2002-33", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2002-33.html" }, { "name": "mdac-rds-server-bo(10659)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" }, { "name": "oval:org.mitre.oval:def:294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-04T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:2730", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" }, { "name": "20021120 Foundstone Advisory", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" }, { "name": "6214", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6214" }, { "name": "mdac-rds-client-bo(10669)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" }, { "name": "VU#542081", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/542081" }, { "name": "MS02-065", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" }, { "name": "oval:org.mitre.oval:def:3573", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" }, { "name": "CA-2002-33", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2002-33.html" }, { "name": "mdac-rds-server-bo(10659)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" }, { "name": "oval:org.mitre.oval:def:294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:2730", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" }, { "name": "20021120 Foundstone Advisory", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" }, { "name": "6214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6214" }, { "name": "mdac-rds-client-bo(10669)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" }, { "name": "VU#542081", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/542081" }, { "name": "MS02-065", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" }, { "name": "oval:org.mitre.oval:def:3573", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" }, { "name": "CA-2002-33", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2002-33.html" }, { "name": "mdac-rds-server-bo(10659)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" }, { "name": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337", "refsource": "MISC", "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" }, { "name": "oval:org.mitre.oval:def:294", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1142", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-23T00:00:00", "dateUpdated": "2024-08-08T03:12:16.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1041 (GCVE-0-2003-1041)
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:1186", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186" }, { "name": "9320", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9320" }, { "name": "MS04-023", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023" }, { "name": "oval:org.mitre.oval:def:1943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943" }, { "name": "VU#187196", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/187196" }, { "name": "oval:org.mitre.oval:def:956", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956" }, { "name": "oval:org.mitre.oval:def:3514", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514" }, { "name": "ie-showhelp-directory-traversal(14105)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105" }, { "name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348521" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:1186", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186" }, { "name": "9320", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9320" }, { "name": "MS04-023", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023" }, { "name": "oval:org.mitre.oval:def:1943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943" }, { "name": "VU#187196", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/187196" }, { "name": "oval:org.mitre.oval:def:956", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956" }, { "name": "oval:org.mitre.oval:def:3514", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514" }, { "name": "ie-showhelp-directory-traversal(14105)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105" }, { "name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348521" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "TA04-196A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "oval:org.mitre.oval:def:1186", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186" }, { "name": "9320", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9320" }, { "name": "MS04-023", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023" }, { "name": "oval:org.mitre.oval:def:1943", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943" }, { "name": "VU#187196", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/187196" }, { "name": "oval:org.mitre.oval:def:956", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956" }, { "name": "oval:org.mitre.oval:def:3514", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514" }, { "name": "ie-showhelp-directory-traversal(14105)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105" }, { "name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348521" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1041", "datePublished": "2004-05-20T04:00:00", "dateReserved": "2004-05-13T00:00:00", "dateUpdated": "2024-08-08T02:12:35.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0867 (GCVE-0-2004-0867)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "12580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12580/" }, { "name": "1011331", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011331" }, { "name": "web-browser-session-hijack(17415)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "name": "11186", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "12580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12580/" }, { "name": "1011331", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1011331" }, { "name": "web-browser-session-hijack(17415)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "name": "11186", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0867", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "name": "12580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12580/" }, { "name": "1011331", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011331" }, { "name": "web-browser-session-hijack(17415)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "name": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html", "refsource": "MISC", "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "name": "11186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0867", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-09-14T00:00:00", "dateUpdated": "2024-08-08T00:31:47.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1186 (GCVE-0-2006-1186)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1589", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" }, { "name": "oval:org.mitre.oval:def:1446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1651", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17453", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17453" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "ie-com-activex-execute-code(25545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" }, { "name": "oval:org.mitre.oval:def:1704", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" }, { "name": "oval:org.mitre.oval:def:791", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1589", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" }, { "name": "oval:org.mitre.oval:def:1446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1651", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17453", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17453" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "ie-com-activex-execute-code(25545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" }, { "name": "oval:org.mitre.oval:def:1704", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" }, { "name": "oval:org.mitre.oval:def:791", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1589", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" }, { "name": "oval:org.mitre.oval:def:1446", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" }, { "name": "1015900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1651", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17453", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17453" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "ie-com-activex-execute-code(25545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" }, { "name": "oval:org.mitre.oval:def:1704", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" }, { "name": "oval:org.mitre.oval:def:791", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1186", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2024-08-07T17:03:28.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3513 (GCVE-0-2006-3513)
Vulnerability from cvelistv5
Published
2006-07-11 23:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:34.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-directanimation-dauserdata-dos(27622)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" }, { "name": "ADV-2006-2719", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2719" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" }, { "name": "18902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18902" }, { "name": "27013", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-directanimation-dauserdata-dos(27622)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" }, { "name": "ADV-2006-2719", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2719" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" }, { "name": "18902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18902" }, { "name": "27013", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27013" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-directanimation-dauserdata-dos(27622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" }, { "name": "ADV-2006-2719", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2719" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" }, { "name": "18902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18902" }, { "name": "27013", "refsource": "OSVDB", "url": "http://www.osvdb.org/27013" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3513", "datePublished": "2006-07-11T23:00:00", "dateReserved": "2006-07-11T00:00:00", "dateUpdated": "2024-08-07T18:30:34.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4827 (GCVE-0-2005-4827)
Vulnerability from cvelistv5
Published
2007-02-07 20:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html" }, { "name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "14969", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14969" }, { "name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/411585" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html" }, { "name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "14969", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14969" }, { "name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/411585" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html" }, { "name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "14969", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14969" }, { "name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/411585" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4827", "datePublished": "2007-02-07T20:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2024-08-08T00:01:23.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0057 (GCVE-0-2006-0057)
Vulnerability from cvelistv5
Published
2006-01-27 22:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23657", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23657" }, { "name": "VU#998297", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/998297" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx" }, { "name": "16409", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16409" }, { "name": "ie-activex-killbit-bypass(24379)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "23657", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23657" }, { "name": "VU#998297", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/998297" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx" }, { "name": "16409", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16409" }, { "name": "ie-activex-killbit-bypass(24379)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2006-0057", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23657", "refsource": "OSVDB", "url": "http://www.osvdb.org/23657" }, { "name": "VU#998297", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/998297" }, { "name": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx", "refsource": "MISC", "url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx" }, { "name": "16409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16409" }, { "name": "ie-activex-killbit-bypass(24379)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2006-0057", "datePublished": "2006-01-27T22:00:00", "dateReserved": "2006-01-01T00:00:00", "dateUpdated": "2024-08-07T16:18:20.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1028 (GCVE-0-2003-1028)
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "7890", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7890" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "ie-download-directory-disclosure(13847)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847" }, { "name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008" }, { "name": "20031125 Invalid ContentType may disclose cache directory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "7890", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7890" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "ie-download-directory-disclosure(13847)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847" }, { "name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008" }, { "name": "20031125 Invalid ContentType may disclose cache directory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "7890", "refsource": "OSVDB", "url": "http://www.osvdb.org/7890" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "ie-download-directory-disclosure(13847)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847" }, { "name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008" }, { "name": "20031125 Invalid ContentType may disclose cache directory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1028", "datePublished": "2004-01-08T05:00:00", "dateReserved": "2004-01-07T00:00:00", "dateUpdated": "2024-08-08T02:12:35.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1166 (GCVE-0-2004-1166)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:01.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rapid7.com/advisories/R7-0032.jsp" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded" }, { "name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2" }, { "name": "29346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29346" }, { "name": "11826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11826" }, { "name": "web-browser-ftp-command-execution(18384)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "28208", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28208" }, { "name": "ADV-2008-0870", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0870" }, { "name": "12299", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/12299" }, { "name": "oval:org.mitre.oval:def:462", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462" }, { "name": "13404", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13404" }, { "name": "1012444", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1012444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.rapid7.com/advisories/R7-0032.jsp" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded" }, { "name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2" }, { "name": "29346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29346" }, { "name": "11826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11826" }, { "name": "web-browser-ftp-command-execution(18384)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "28208", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28208" }, { "name": "ADV-2008-0870", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0870" }, { "name": "12299", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/12299" }, { "name": "oval:org.mitre.oval:def:462", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462" }, { "name": "13404", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13404" }, { "name": "1012444", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1012444" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.rapid7.com/advisories/R7-0032.jsp", "refsource": "MISC", "url": "http://www.rapid7.com/advisories/R7-0032.jsp" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded" }, { "name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2" }, { "name": "29346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29346" }, { "name": "11826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11826" }, { "name": "web-browser-ftp-command-execution(18384)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "28208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28208" }, { "name": "ADV-2008-0870", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0870" }, { "name": "12299", "refsource": "OSVDB", "url": "http://www.osvdb.org/12299" }, { "name": "oval:org.mitre.oval:def:462", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462" }, { "name": "13404", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13404" }, { "name": "1012444", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012444" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1166", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-09T00:00:00", "dateUpdated": "2024-08-08T00:39:01.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3354 (GCVE-0-2006-3354)
Vulnerability from cvelistv5
Published
2006-07-06 01:00
Modified
2024-08-07 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" }, { "name": "ie-adodb-recordset-dos(27596)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" }, { "name": "18773", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18773" }, { "name": "26834", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26834" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" }, { "name": "ie-adodb-recordset-dos(27596)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" }, { "name": "18773", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18773" }, { "name": "26834", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26834" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" }, { "name": "ie-adodb-recordset-dos(27596)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" }, { "name": "18773", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18773" }, { "name": "26834", "refsource": "OSVDB", "url": "http://www.osvdb.org/26834" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3354", "datePublished": "2006-07-06T01:00:00", "dateReserved": "2006-07-05T00:00:00", "dateUpdated": "2024-08-07T18:23:21.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3658 (GCVE-0-2006-3658)
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-folderitem-dos(27760)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760" }, { "name": "27059", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27059" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html" }, { "name": "ADV-2006-2814", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2814" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-folderitem-dos(27760)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760" }, { "name": "27059", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27059" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html" }, { "name": "ADV-2006-2814", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2814" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3658", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-folderitem-dos(27760)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760" }, { "name": "27059", "refsource": "OSVDB", "url": "http://www.osvdb.org/27059" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html" }, { "name": "ADV-2006-2814", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2814" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3658", "datePublished": "2006-07-17T19:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1218 (GCVE-0-2001-1218)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "name": "3729", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3729" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "name": "3729", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3729" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1218", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/246611" }, { "name": "3729", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3729" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1218", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:51:07.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0944 (GCVE-0-2007-0944)
Vulnerability from cvelistv5
Published
2007-05-08 23:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-object-array-code-execution(33253)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253" }, { "name": "oval:org.mitre.oval:def:1722", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722" }, { "name": "HPSBST02214", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "1018019", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23769" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html" }, { "name": "34400", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/34400" }, { "name": "TA07-128A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded" }, { "name": "23771", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23771" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ie-object-array-code-execution(33253)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253" }, { "name": "oval:org.mitre.oval:def:1722", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722" }, { "name": "HPSBST02214", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "1018019", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23769" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html" }, { "name": "34400", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/34400" }, { "name": "TA07-128A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded" }, { "name": "23771", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23771" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-object-array-code-execution(33253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253" }, { "name": "oval:org.mitre.oval:def:1722", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722" }, { "name": "HPSBST02214", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "1018019", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23769" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html" }, { "name": "34400", "refsource": "OSVDB", "url": "http://www.osvdb.org/34400" }, { "name": "TA07-128A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded" }, { "name": "23771", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23771" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0944", "datePublished": "2007-05-08T23:00:00", "dateReserved": "2007-02-14T00:00:00", "dateUpdated": "2024-08-07T12:34:21.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0985 (GCVE-0-2004-0985)
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:38:59.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2" }, { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2" }, { "name": "ie-anchorclick-command-execution(17824)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" }, { "name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2" }, { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2" }, { "name": "ie-anchorclick-command-execution(17824)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" }, { "name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2" }, { "name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2" }, { "name": "ie-anchorclick-command-execution(17824)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" }, { "name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0985", "datePublished": "2004-10-26T04:00:00", "dateReserved": "2004-10-25T00:00:00", "dateUpdated": "2024-08-08T00:38:59.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-7065 (GCVE-0-2006-7065)
Vulnerability from cvelistv5
Published
2007-02-27 18:00
Modified
2024-09-16 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:05.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19364", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19364" }, { "name": "20060806 bugs", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-02-27T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19364", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19364" }, { "name": "20060806 bugs", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7065", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19364", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19364" }, { "name": "20060806 bugs", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "name": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511", "refsource": "MISC", "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7065", "datePublished": "2007-02-27T18:00:00Z", "dateReserved": "2007-02-27T00:00:00Z", "dateUpdated": "2024-09-16T19:52:09.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2900 (GCVE-0-2006-2900)
Vulnerability from cvelistv5
Published
2006-06-07 16:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-2161", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2161" }, { "name": "1059", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1059" }, { "name": "18308", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18308" }, { "name": "20449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20449" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-06-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-2161", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2161" }, { "name": "1059", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1059" }, { "name": "18308", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18308" }, { "name": "20449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20449" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-2161", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2161" }, { "name": "1059", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1059" }, { "name": "18308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18308" }, { "name": "20449", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20449" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2900", "datePublished": "2006-06-07T16:00:00", "dateReserved": "2006-06-07T00:00:00", "dateUpdated": "2024-08-07T18:06:27.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2385 (GCVE-0-2006-2385)
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:03.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "oval:org.mitre.oval:def:1609", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609" }, { "name": "oval:org.mitre.oval:def:1911", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1423", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423" }, { "name": "oval:org.mitre.oval:def:1916", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916" }, { "name": "26446", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26446" }, { "name": "oval:org.mitre.oval:def:1665", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665" }, { "name": "oval:org.mitre.oval:def:1167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167" }, { "name": "18320", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18320" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "ie-mht-code-execution(26782)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "20595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "oval:org.mitre.oval:def:1609", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609" }, { "name": "oval:org.mitre.oval:def:1911", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1423", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423" }, { "name": "oval:org.mitre.oval:def:1916", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916" }, { "name": "26446", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26446" }, { "name": "oval:org.mitre.oval:def:1665", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665" }, { "name": "oval:org.mitre.oval:def:1167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167" }, { "name": "18320", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18320" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "ie-mht-code-execution(26782)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-2385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "oval:org.mitre.oval:def:1609", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609" }, { "name": "oval:org.mitre.oval:def:1911", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911" }, { "name": "1016291", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1423", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423" }, { "name": "oval:org.mitre.oval:def:1916", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916" }, { "name": "26446", "refsource": "OSVDB", "url": "http://www.osvdb.org/26446" }, { "name": "oval:org.mitre.oval:def:1665", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665" }, { "name": "oval:org.mitre.oval:def:1167", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167" }, { "name": "18320", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18320" }, { "name": "MS06-021", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "ie-mht-code-execution(26782)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-2385", "datePublished": "2006-06-13T19:00:00", "dateReserved": "2006-05-15T00:00:00", "dateUpdated": "2024-08-07T17:51:03.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3471 (GCVE-0-2006-3471)
Vulnerability from cvelistv5
Published
2006-07-10 19:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:33.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26837", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26837" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html" }, { "name": "ie-tableframeset-appendchild-dos(27592)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592" }, { "name": "18873", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18873" }, { "name": "ADV-2006-2701", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26837", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26837" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html" }, { "name": "ie-tableframeset-appendchild-dos(27592)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592" }, { "name": "18873", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18873" }, { "name": "ADV-2006-2701", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26837", "refsource": "OSVDB", "url": "http://www.osvdb.org/26837" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html" }, { "name": "ie-tableframeset-appendchild-dos(27592)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592" }, { "name": "18873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18873" }, { "name": "ADV-2006-2701", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2701" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3471", "datePublished": "2006-07-10T19:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2024-08-07T18:30:33.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-7030 (GCVE-0-2006-7030)
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:05.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded" }, { "name": "2286", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2286" }, { "name": "18112", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18112" }, { "name": "ie-html-tag-parsing-dos(26808)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808" }, { "name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded" }, { "name": "2286", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2286" }, { "name": "18112", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18112" }, { "name": "ie-html-tag-parsing-dos(26808)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808" }, { "name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded" }, { "name": "2286", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2286" }, { "name": "18112", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18112" }, { "name": "ie-html-tag-parsing-dos(26808)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808" }, { "name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7030", "datePublished": "2007-02-23T01:00:00", "dateReserved": "2007-02-22T00:00:00", "dateUpdated": "2024-08-07T20:50:05.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0233 (GCVE-0-2003-0233)
Vulnerability from cvelistv5
Published
2003-05-02 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:36.065Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2" }, { "name": "ie-plugin-load-bo(11854)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11854.php" }, { "name": "oval:org.mitre.oval:def:1094", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2" }, { "name": "ie-plugin-load-bo(11854)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11854.php" }, { "name": "oval:org.mitre.oval:def:1094", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0233", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS03-015", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2" }, { "name": "ie-plugin-load-bo(11854)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11854.php" }, { "name": "oval:org.mitre.oval:def:1094", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0233", "datePublished": "2003-05-02T04:00:00", "dateReserved": "2003-04-30T00:00:00", "dateUpdated": "2024-08-08T01:43:36.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5344 (GCVE-0-2007-5344)
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-element-code-execution(38715)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "name": "26817", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26817" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28036" }, { "name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:4480", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ie-element-code-execution(38715)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "name": "26817", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26817" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28036" }, { "name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:4480", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-5344", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-element-code-execution(38715)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "name": "26817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26817" }, { "name": "1019078", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28036" }, { "name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "name": "MS07-069", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:4480", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" }, { "name": "TA07-345A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-5344", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:24:42.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0845 (GCVE-0-2004-0845)
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:2219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219" }, { "name": "oval:org.mitre.oval:def:5150", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150" }, { "name": "ie-cache-ssl-obtain-information(17654)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654" }, { "name": "oval:org.mitre.oval:def:5740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:5520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520" }, { "name": "oval:org.mitre.oval:def:3872", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872" }, { "name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "VU#795720", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/795720" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt" }, { "name": "oval:org.mitre.oval:def:7611", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:2219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219" }, { "name": "oval:org.mitre.oval:def:5150", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150" }, { "name": "ie-cache-ssl-obtain-information(17654)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654" }, { "name": "oval:org.mitre.oval:def:5740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:5520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520" }, { "name": "oval:org.mitre.oval:def:3872", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872" }, { "name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "VU#795720", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/795720" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt" }, { "name": "oval:org.mitre.oval:def:7611", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:2219", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219" }, { "name": "oval:org.mitre.oval:def:5150", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150" }, { "name": "ie-cache-ssl-obtain-information(17654)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654" }, { "name": "oval:org.mitre.oval:def:5740", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:5520", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520" }, { "name": "oval:org.mitre.oval:def:3872", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872" }, { "name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "VU#795720", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/795720" }, { "name": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt", "refsource": "MISC", "url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt" }, { "name": "oval:org.mitre.oval:def:7611", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0845", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1499 (GCVE-0-2007-1499)
Vulnerability from cvelistv5
Published
2007-03-17 10:00
Modified
2024-08-07 12:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.795Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22966", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22966" }, { "name": "2448", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2448" }, { "name": "35352", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35352" }, { "name": "ADV-2007-0946", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "name": "oval:org.mitre.oval:def:1715", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" }, { "name": "25627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25627" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "name": "SSRT071438", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "name": "ie-navcancl-xss(33026)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "name": "1018235", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018235" }, { "name": "24535", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24535" }, { "name": "ADV-2007-2153", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "name": "TA07-163A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "name": "20070315 Re: Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "name": "20070315 RE: Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "name": "MS07-033", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "name": "20070314 Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "name": "HPSBST02231", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22966", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22966" }, { "name": "2448", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2448" }, { "name": "35352", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35352" }, { "name": "ADV-2007-0946", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "name": "oval:org.mitre.oval:def:1715", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" }, { "name": "25627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25627" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "name": "SSRT071438", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "name": "ie-navcancl-xss(33026)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "name": "1018235", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018235" }, { "name": "24535", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24535" }, { "name": "ADV-2007-2153", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "name": "TA07-163A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "name": "20070315 Re: Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "name": "20070315 RE: Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "name": "MS07-033", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "name": "20070314 Phishing using IE7 local resource vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "name": "HPSBST02231", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22966" }, { "name": "2448", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2448" }, { "name": "35352", "refsource": "OSVDB", "url": "http://osvdb.org/35352" }, { "name": "ADV-2007-0946", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "name": "oval:org.mitre.oval:def:1715", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" }, { "name": "25627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25627" }, { "name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx", "refsource": "MISC", "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "name": "SSRT071438", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "name": "ie-navcancl-xss(33026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "name": "1018235", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018235" }, { "name": "24535", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24535" }, { "name": "ADV-2007-2153", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "name": "TA07-163A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "name": "http://news.com.com/2100-1002_3-6167410.html", "refsource": "MISC", "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "name": "20070315 Re: Phishing using IE7 local resource vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "name": "20070315 RE: Phishing using IE7 local resource vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "name": "MS07-033", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "name": "20070314 Phishing using IE7 local resource vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "name": "HPSBST02231", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1499", "datePublished": "2007-03-17T10:00:00", "dateReserved": "2007-03-17T00:00:00", "dateUpdated": "2024-08-07T12:59:08.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3657 (GCVE-0-2006-3657)
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27109", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27109" }, { "name": "ie-dximagetransform-dos(27762)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" }, { "name": "19029", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19029" }, { "name": "ADV-2006-2832", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2832" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27109", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27109" }, { "name": "ie-dximagetransform-dos(27762)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" }, { "name": "19029", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19029" }, { "name": "ADV-2006-2832", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2832" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3657", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27109", "refsource": "OSVDB", "url": "http://www.osvdb.org/27109" }, { "name": "ie-dximagetransform-dos(27762)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" }, { "name": "19029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19029" }, { "name": "ADV-2006-2832", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2832" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3657", "datePublished": "2006-07-17T19:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0153 (GCVE-0-2002-0153)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:42:27.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3935", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3935" }, { "name": "MS02-019", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "20020122 Macinosh IE file execuion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/251805" }, { "name": "ie-macos-file-execution(7969)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" }, { "name": "ie-mac-applescript-execution(8851)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8851.php" }, { "name": "5356", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3935", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3935" }, { "name": "MS02-019", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "20020122 Macinosh IE file execuion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/251805" }, { "name": "ie-macos-file-execution(7969)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" }, { "name": "ie-mac-applescript-execution(8851)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8851.php" }, { "name": "5356", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5356" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3935" }, { "name": "MS02-019", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "name": "20020122 Macinosh IE file execuion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/251805" }, { "name": "ie-macos-file-execution(7969)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" }, { "name": "ie-mac-applescript-execution(8851)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8851.php" }, { "name": "5356", "refsource": "OSVDB", "url": "http://www.osvdb.org/5356" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0153", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-19T00:00:00", "dateUpdated": "2024-08-08T02:42:27.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0844 (GCVE-0-2004-0844)
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-dbcs-obtain-information(17652)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/431576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-dbcs-obtain-information(17652)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/431576" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-dbcs-obtain-information(17652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/431576" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0844", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0550 (GCVE-0-2009-0550)
Vulnerability from cvelistv5
Published
2009-04-15 03:49
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-1028", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53619", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53619" }, { "name": "34677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34677" }, { "name": "TA09-104A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "1022041", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022041" }, { "name": "34678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:6233", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" }, { "name": "oval:org.mitre.oval:def:7569", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138" }, { "name": "34439", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34439" }, { "name": "MS09-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "oval:org.mitre.oval:def:5320", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" }, { "name": "ADV-2009-1027", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1027" }, { "name": "MS09-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ADV-2009-1028", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53619", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53619" }, { "name": "34677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34677" }, { "name": "TA09-104A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "1022041", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022041" }, { "name": "34678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:6233", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" }, { "name": "oval:org.mitre.oval:def:7569", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138" }, { "name": "34439", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34439" }, { "name": "MS09-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "oval:org.mitre.oval:def:5320", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" }, { "name": "ADV-2009-1027", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1027" }, { "name": "MS09-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-0550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-1028", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53619", "refsource": "OSVDB", "url": "http://osvdb.org/53619" }, { "name": "34677", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34677" }, { "name": "TA09-104A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "1022041", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022041" }, { "name": "34678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:6233", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" }, { "name": "oval:org.mitre.oval:def:7569", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" }, { "name": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138" }, { "name": "34439", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34439" }, { "name": "MS09-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "oval:org.mitre.oval:def:5320", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" }, { "name": "ADV-2009-1027", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1027" }, { "name": "MS09-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-0550", "datePublished": "2009-04-15T03:49:00", "dateReserved": "2009-02-12T00:00:00", "dateUpdated": "2024-08-07T04:40:05.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0839 (GCVE-0-1999-0839)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:48:38.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Q246972", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972" }, { "name": "MS99-051", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051" }, { "name": "828", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/828" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "Q246972", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972" }, { "name": "MS99-051", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051" }, { "name": "828", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/828" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "Q246972", "refsource": "MSKB", "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972" }, { "name": "MS99-051", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051" }, { "name": "828", "refsource": "BID", "url": "http://www.securityfocus.com/bid/828" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0839", "datePublished": "2000-01-04T05:00:00", "dateReserved": "1999-12-07T00:00:00", "dateUpdated": "2024-08-01T16:48:38.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1185 (GCVE-0-2002-1185)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:27.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "6216", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6216" }, { "name": "AD20021211", "tags": [ "third-party-advisory", "x_refsource_EEYE", "x_transferred" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html" }, { "name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2" }, { "name": "oval:org.mitre.oval:def:542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542" }, { "name": "ie-png-bo(10662)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10662.php" }, { "name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html" }, { "name": "oval:org.mitre.oval:def:393", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "6216", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6216" }, { "name": "AD20021211", "tags": [ "third-party-advisory", "x_refsource_EEYE" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html" }, { "name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2" }, { "name": "oval:org.mitre.oval:def:542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542" }, { "name": "ie-png-bo(10662)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10662.php" }, { "name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html" }, { "name": "oval:org.mitre.oval:def:393", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS02-066", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "6216", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6216" }, { "name": "AD20021211", "refsource": "EEYE", "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html" }, { "name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2" }, { "name": "oval:org.mitre.oval:def:542", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542" }, { "name": "ie-png-bo(10662)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10662.php" }, { "name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html" }, { "name": "oval:org.mitre.oval:def:393", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1185", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-10-04T00:00:00", "dateUpdated": "2024-08-08T03:19:27.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0530 (GCVE-0-2003-0530)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/9580" }, { "name": "ie-br549-activex-bo(12962)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" }, { "name": "CA-2003-22", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "name": "VU#548964", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/548964" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "8454", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8454" }, { "name": "1007538", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1007538" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/9580" }, { "name": "ie-br549-activex-bo(12962)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" }, { "name": "CA-2003-22", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "name": "VU#548964", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/548964" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "8454", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8454" }, { "name": "1007538", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1007538" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/9580" }, { "name": "ie-br549-activex-bo(12962)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" }, { "name": "CA-2003-22", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "name": "VU#548964", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/548964" }, { "name": "MS03-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "8454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8454" }, { "name": "1007538", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007538" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0530", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-08T00:00:00", "dateUpdated": "2024-08-08T01:58:11.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1331 (GCVE-0-2004-1331)
Vulnerability from cvelistv5
Published
2005-01-06 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3220", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3220" }, { "name": "ie-execommand-warning-bypass(18181)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" }, { "name": "11686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11686" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" }, { "name": "13203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13203/" }, { "name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" }, { "name": "VU#743974", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/743974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3220", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3220" }, { "name": "ie-execommand-warning-bypass(18181)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" }, { "name": "11686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11686" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" }, { "name": "13203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13203/" }, { "name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" }, { "name": "VU#743974", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/743974" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3220", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3220" }, { "name": "ie-execommand-warning-bypass(18181)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" }, { "name": "11686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11686" }, { "name": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php", "refsource": "MISC", "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" }, { "name": "13203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13203/" }, { "name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" }, { "name": "VU#743974", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/743974" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1331", "datePublished": "2005-01-06T05:00:00", "dateReserved": "2005-01-06T00:00:00", "dateUpdated": "2024-08-08T00:46:12.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0665 (GCVE-0-2001-0665)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:30:06.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3421", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3421" }, { "name": "ie-url-http-requests(7259)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" }, { "name": "1972", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/1972" }, { "name": "MS01-051", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3421", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3421" }, { "name": "ie-url-http-requests(7259)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" }, { "name": "1972", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/1972" }, { "name": "MS01-051", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3421" }, { "name": "ie-url-http-requests(7259)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" }, { "name": "1972", "refsource": "OSVDB", "url": "http://www.osvdb.org/1972" }, { "name": "MS01-051", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0665", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-15T00:00:00", "dateUpdated": "2024-08-08T04:30:06.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0028 (GCVE-0-2000-0028)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-08 04:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T08:19:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0028", "datePublished": "2000-02-04T05:00:00", "dateReserved": "2000-01-11T00:00:00", "dateUpdated": "2024-08-08T04:58:11.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1105 (GCVE-0-2003-1105)
Vulnerability from cvelistv5
Published
2005-03-11 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:36.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-input-type-dos(13029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#813208", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/813208" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-input-type-dos(13029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#813208", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/813208" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-input-type-dos(13029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" }, { "name": "MS03-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#813208", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/813208" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1105", "datePublished": "2005-03-11T05:00:00", "dateReserved": "2005-03-11T00:00:00", "dateUpdated": "2024-08-08T02:12:36.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2094 (GCVE-0-2006-2094)
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-07 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-1559", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1559" }, { "name": "20060426 Internet Explorer User Interface Races, Redeux", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html" }, { "name": "17713", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17713" }, { "name": "1015720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015720" }, { "name": "22351", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22351" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html" }, { "name": "ie-modal-dialog-code-execution(26111)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-1559", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1559" }, { "name": "20060426 Internet Explorer User Interface Races, Redeux", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html" }, { "name": "17713", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17713" }, { "name": "1015720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015720" }, { "name": "22351", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22351" }, { "tags": [ "x_refsource_MISC" ], "url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html" }, { "name": "ie-modal-dialog-code-execution(26111)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-1559", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1559" }, { "name": "20060426 Internet Explorer User Interface Races, Redeux", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html" }, { "name": "17713", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17713" }, { "name": "1015720", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015720" }, { "name": "22351", "refsource": "OSVDB", "url": "http://www.osvdb.org/22351" }, { "name": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02", "refsource": "MISC", "url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html" }, { "name": "ie-modal-dialog-code-execution(26111)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111" }, { "name": "20060427 PoC for Internet Explorer Modal Dialog Issue", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html" }, { "name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", "refsource": "MISC", "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2094", "datePublished": "2006-04-29T10:00:00", "dateReserved": "2006-04-28T00:00:00", "dateUpdated": "2024-08-07T17:35:31.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3869 (GCVE-0-2006-3869)
Vulnerability from cvelistv5
Published
2006-08-23 01:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-url-compression-bo(28893)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "19667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19667" }, { "name": "1016731", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016731" }, { "name": "28132", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28132" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.microsoft.com/kb/923762/" }, { "name": "21557", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21557" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "name": "VU#821156", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/821156" }, { "name": "ADV-2006-3356", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3356" }, { "name": "1441", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1441" }, { "name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "name": "ie-long-url-bo(28522)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ie-url-compression-bo(28893)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "19667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19667" }, { "name": "1016731", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016731" }, { "name": "28132", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28132" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.microsoft.com/kb/923762/" }, { "name": "21557", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21557" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "name": "VU#821156", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/821156" }, { "name": "ADV-2006-3356", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3356" }, { "name": "1441", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1441" }, { "name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "name": "ie-long-url-bo(28522)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-url-compression-bo(28893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "19667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19667" }, { "name": "1016731", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016731" }, { "name": "28132", "refsource": "OSVDB", "url": "http://www.osvdb.org/28132" }, { "name": "http://www.microsoft.com/technet/security/advisory/923762.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "name": "http://support.microsoft.com/kb/923762/", "refsource": "CONFIRM", "url": "http://support.microsoft.com/kb/923762/" }, { "name": "21557", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21557" }, { "name": "http://www.nsfocus.com/english/homepage/research/0608.htm", "refsource": "MISC", "url": "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "name": "VU#821156", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/821156" }, { "name": "ADV-2006-3356", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3356" }, { "name": "1441", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1441" }, { "name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "name": "ie-long-url-bo(28522)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3869", "datePublished": "2006-08-23T01:00:00", "dateReserved": "2006-07-26T00:00:00", "dateUpdated": "2024-08-07T18:48:39.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0753 (GCVE-0-2006-0753)
Vulnerability from cvelistv5
Published
2006-02-18 02:00
Modified
2024-08-07 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:55.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-windowstatus-dos(24846)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846" }, { "name": "20060214 memory leak in IE?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded" }, { "name": "23307", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23307" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-windowstatus-dos(24846)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846" }, { "name": "20060214 memory leak in IE?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded" }, { "name": "23307", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23307" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-windowstatus-dos(24846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846" }, { "name": "20060214 memory leak in IE?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded" }, { "name": "23307", "refsource": "OSVDB", "url": "http://www.osvdb.org/23307" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0753", "datePublished": "2006-02-18T02:00:00", "dateReserved": "2006-02-18T00:00:00", "dateUpdated": "2024-08-07T16:48:55.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2069 (GCVE-0-2009-2069)
Vulnerability from cvelistv5
Published
2009-06-15 19:00
Modified
2024-08-07 05:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:20.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "name": "35411", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35411" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "name": "35411", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35411" }, { "tags": [ "x_refsource_MISC" ], "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", "refsource": "MISC", "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "name": "35411", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35411" }, { "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", "refsource": "MISC", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2069", "datePublished": "2009-06-15T19:00:00", "dateReserved": "2009-06-15T00:00:00", "dateUpdated": "2024-08-07T05:36:20.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0162 (GCVE-0-2000-0162)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:05:53.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS00-011", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS00-011", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS00-011", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0162", "datePublished": "2000-03-22T05:00:00", "dateReserved": "2000-02-23T00:00:00", "dateUpdated": "2024-08-08T05:05:53.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1686 (GCVE-0-2004-1686)
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:36.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040915 IE6 + XP SP2 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "name": "ie-information-bar-bypass(20617)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" }, { "name": "11200", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11200" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040915 IE6 + XP SP2 Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "name": "ie-information-bar-bypass(20617)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" }, { "name": "11200", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11200" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040915 IE6 + XP SP2 Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "name": "ie-information-bar-bypass(20617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" }, { "name": "11200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11200" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1686", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-21T00:00:00", "dateUpdated": "2024-08-08T01:00:36.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3944 (GCVE-0-2006-3944)
Vulnerability from cvelistv5
Published
2006-07-31 23:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27372", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27372" }, { "name": "19113", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19113" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html" }, { "name": "ie-listwidth-dos(27931)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931" }, { "name": "ADV-2006-2954", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2954" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27372", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27372" }, { "name": "19113", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19113" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html" }, { "name": "ie-listwidth-dos(27931)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931" }, { "name": "ADV-2006-2954", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2954" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27372", "refsource": "OSVDB", "url": "http://www.osvdb.org/27372" }, { "name": "19113", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19113" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html" }, { "name": "ie-listwidth-dos(27931)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931" }, { "name": "ADV-2006-2954", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2954" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3944", "datePublished": "2006-07-31T23:00:00", "dateReserved": "2006-07-31T00:00:00", "dateUpdated": "2024-08-07T18:48:39.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0078 (GCVE-0-2008-0078)
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:24.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27689", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27689" }, { "name": "1019381", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019381" }, { "name": "HPSBST02314", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4904", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" }, { "name": "TA08-043C", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28903" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "27689", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27689" }, { "name": "1019381", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019381" }, { "name": "HPSBST02314", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4904", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" }, { "name": "TA08-043C", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28903" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-0078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27689", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27689" }, { "name": "1019381", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019381" }, { "name": "HPSBST02314", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4904", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" }, { "name": "TA08-043C", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28903" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-0078", "datePublished": "2008-02-12T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:24.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3472 (GCVE-0-2006-3472)
Vulnerability from cvelistv5
Published
2006-07-10 20:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:34.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18820" }, { "name": "30822", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-12-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18820" }, { "name": "30822", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18820", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18820" }, { "name": "30822", "refsource": "OSVDB", "url": "http://www.osvdb.org/30822" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3472", "datePublished": "2006-07-10T20:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2024-08-07T18:30:34.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1824 (GCVE-0-2002-1824)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-17 00:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-ssl-certificate-expired(10180)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/292842" }, { "name": "5778", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5778" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-28T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-ssl-certificate-expired(10180)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/292842" }, { "name": "5778", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5778" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-ssl-certificate-expired(10180)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/292842" }, { "name": "5778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5778" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1824", "datePublished": "2005-06-28T04:00:00Z", "dateReserved": "2005-06-28T04:00:00Z", "dateUpdated": "2024-09-17T00:50:56.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0842 (GCVE-0-2004-0842)
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040728 Re: Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4169", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/exploits/5NP042KF5A.html" }, { "name": "VU#291304", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/291304" }, { "name": "oval:org.mitre.oval:def:2906", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906" }, { "name": "20040723 Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ecqurity.com/adv/IEstyle.html" }, { "name": "oval:org.mitre.oval:def:5592", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592" }, { "name": "ie-popupshow-perform-actions(16675)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "20040728 Re: Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2" }, { "name": "12806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12806" }, { "name": "P-006", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml" }, { "name": "10816", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10816" }, { "name": "oval:org.mitre.oval:def:6579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579" }, { "name": "oval:org.mitre.oval:def:3372", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040728 Re: Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4169", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/exploits/5NP042KF5A.html" }, { "name": "VU#291304", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/291304" }, { "name": "oval:org.mitre.oval:def:2906", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906" }, { "name": "20040723 Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ecqurity.com/adv/IEstyle.html" }, { "name": "oval:org.mitre.oval:def:5592", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592" }, { "name": "ie-popupshow-perform-actions(16675)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "20040728 Re: Crash IE with 11 bytes ;)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2" }, { "name": "12806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12806" }, { "name": "P-006", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml" }, { "name": "10816", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10816" }, { "name": "oval:org.mitre.oval:def:6579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579" }, { "name": "oval:org.mitre.oval:def:3372", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040728 Re: Crash IE with 11 bytes ;)", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2" }, { "name": "oval:org.mitre.oval:def:4169", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "http://www.securiteam.com/exploits/5NP042KF5A.html", "refsource": "MISC", "url": "http://www.securiteam.com/exploits/5NP042KF5A.html" }, { "name": "VU#291304", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/291304" }, { "name": "oval:org.mitre.oval:def:2906", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906" }, { "name": "20040723 Crash IE with 11 bytes ;)", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2" }, { "name": "http://www.ecqurity.com/adv/IEstyle.html", "refsource": "MISC", "url": "http://www.ecqurity.com/adv/IEstyle.html" }, { "name": "oval:org.mitre.oval:def:5592", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592" }, { "name": "ie-popupshow-perform-actions(16675)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "20040728 Re: Crash IE with 11 bytes ;)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2" }, { "name": "12806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12806" }, { "name": "P-006", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml" }, { "name": "10816", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10816" }, { "name": "oval:org.mitre.oval:def:6579", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579" }, { "name": "oval:org.mitre.oval:def:3372", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0842", "datePublished": "2004-09-14T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0841 (GCVE-0-2004-0841)
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "1010679", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010679" }, { "name": "oval:org.mitre.oval:def:2611", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:8077", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" }, { "name": "12048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12048" }, { "name": "ie-popupshow-perform-actions(16675)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4363", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" }, { "name": "10690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10690" }, { "name": "7774", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7774" }, { "name": "oval:org.mitre.oval:def:5620", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" }, { "name": "oval:org.mitre.oval:def:6031", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" }, { "name": "20040711 HijackClick 3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/368652" }, { "name": "oval:org.mitre.oval:def:6048", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" }, { "name": "20040712 Re: HijackClick 3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/368666" }, { "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "1010679", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010679" }, { "name": "oval:org.mitre.oval:def:2611", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:8077", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" }, { "name": "12048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12048" }, { "name": "ie-popupshow-perform-actions(16675)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4363", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" }, { "name": "10690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10690" }, { "name": "7774", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7774" }, { "name": "oval:org.mitre.oval:def:5620", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" }, { "name": "oval:org.mitre.oval:def:6031", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" }, { "name": "20040711 HijackClick 3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/368652" }, { "name": "oval:org.mitre.oval:def:6048", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" }, { "name": "20040712 Re: HijackClick 3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/368666" }, { "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#413886", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "1010679", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010679" }, { "name": "oval:org.mitre.oval:def:2611", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:8077", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" }, { "name": "12048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12048" }, { "name": "ie-popupshow-perform-actions(16675)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4363", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" }, { "name": "10690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10690" }, { "name": "7774", "refsource": "OSVDB", "url": "http://www.osvdb.org/7774" }, { "name": "oval:org.mitre.oval:def:5620", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" }, { "name": "oval:org.mitre.oval:def:6031", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" }, { "name": "20040711 HijackClick 3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/368652" }, { "name": "oval:org.mitre.oval:def:6048", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" }, { "name": "20040712 Re: HijackClick 3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/368666" }, { "name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0841", "datePublished": "2004-09-14T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1719 (GCVE-0-2006-1719)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060407 IE6 Crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded" }, { "name": "ie-css-scrollbar-dos(25852)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852" }, { "name": "20060410 Re: IE6 Crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060407 IE6 Crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded" }, { "name": "ie-css-scrollbar-dos(25852)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852" }, { "name": "20060410 Re: IE6 Crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060407 IE6 Crash", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded" }, { "name": "ie-css-scrollbar-dos(25852)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852" }, { "name": "20060410 Re: IE6 Crash", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1719", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-04-11T00:00:00", "dateUpdated": "2024-08-07T17:19:49.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0843 (GCVE-0-2004-0843)
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#625616", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:7095", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "name": "oval:org.mitre.oval:def:7194", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" }, { "name": "oval:org.mitre.oval:def:2487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:2537", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "name": "ie-plugin-address-spoofing(17655)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "name": "oval:org.mitre.oval:def:3949", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "name": "oval:org.mitre.oval:def:6313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#625616", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:7095", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "name": "oval:org.mitre.oval:def:7194", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" }, { "name": "oval:org.mitre.oval:def:2487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:2537", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "name": "ie-plugin-address-spoofing(17655)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "name": "oval:org.mitre.oval:def:3949", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "name": "oval:org.mitre.oval:def:6313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#625616", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/625616" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:7095", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "name": "oval:org.mitre.oval:def:7194", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" }, { "name": "oval:org.mitre.oval:def:2487", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:2537", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "name": "ie-plugin-address-spoofing(17655)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "name": "oval:org.mitre.oval:def:3949", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "name": "oval:org.mitre.oval:def:6313", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0843", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-1061 (GCVE-0-2000-1061)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:45:36.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "java-vm-applet(5127)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" }, { "name": "MS00-075", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "java-vm-applet(5127)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" }, { "name": "MS00-075", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-1061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "java-vm-applet(5127)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" }, { "name": "MS00-075", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-1061", "datePublished": "2001-01-22T05:00:00", "dateReserved": "2000-11-29T00:00:00", "dateUpdated": "2024-08-08T05:45:36.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1326 (GCVE-0-2003-1326)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:46.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6779", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6779" }, { "name": "oval:org.mitre.oval:def:126", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "name": "ie-dialog-zone-bypass(11258)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "name": "N-038", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "oval:org.mitre.oval:def:49", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" }, { "name": "oval:org.mitre.oval:def:178", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "name": "MS03-004", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6779", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6779" }, { "name": "oval:org.mitre.oval:def:126", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "name": "ie-dialog-zone-bypass(11258)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "name": "N-038", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "oval:org.mitre.oval:def:49", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" }, { "name": "oval:org.mitre.oval:def:178", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "name": "MS03-004", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6779", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6779" }, { "name": "oval:org.mitre.oval:def:126", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "name": "ie-dialog-zone-bypass(11258)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11258.php" }, { "name": "N-038", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "oval:org.mitre.oval:def:49", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" }, { "name": "oval:org.mitre.oval:def:178", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "name": "MS03-004", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1326", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-06T00:00:00", "dateUpdated": "2024-08-08T02:19:46.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4301 (GCVE-0-2006-4301)
Vulnerability from cvelistv5
Published
2006-08-23 01:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29524", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29524" }, { "name": "1439", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1439" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17" }, { "name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" }, { "name": "4251", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4251" }, { "name": "19640", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19640" }, { "name": "29525", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29525" }, { "name": "ie-com-color-dos(28516)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29524", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29524" }, { "name": "1439", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1439" }, { "tags": [ "x_refsource_MISC" ], "url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17" }, { "name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" }, { "name": "4251", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4251" }, { "name": "19640", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19640" }, { "name": "29525", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29525" }, { "name": "ie-com-color-dos(28516)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29524", "refsource": "OSVDB", "url": "http://www.osvdb.org/29524" }, { "name": "1439", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1439" }, { "name": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17", "refsource": "MISC", "url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17" }, { "name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" }, { "name": "4251", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4251" }, { "name": "19640", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19640" }, { "name": "29525", "refsource": "OSVDB", "url": "http://www.osvdb.org/29525" }, { "name": "ie-com-color-dos(28516)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4301", "datePublished": "2006-08-23T01:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2024-08-07T19:06:07.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1114 (GCVE-0-2007-1114)
Vulnerability from cvelistv5
Published
2007-02-26 23:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22701" }, { "name": "24314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24314" }, { "name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_032007.142.html" }, { "name": "ADV-2007-0744", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0744" }, { "name": "32119", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/32119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22701" }, { "name": "24314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24314" }, { "name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_032007.142.html" }, { "name": "ADV-2007-0744", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0744" }, { "name": "32119", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/32119" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22701" }, { "name": "24314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24314" }, { "name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded" }, { "name": "http://www.hardened-php.net/advisory_032007.142.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_032007.142.html" }, { "name": "ADV-2007-0744", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0744" }, { "name": "32119", "refsource": "OSVDB", "url": "http://www.osvdb.org/32119" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1114", "datePublished": "2007-02-26T23:00:00", "dateReserved": "2007-02-26T00:00:00", "dateUpdated": "2024-08-07T12:43:22.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5913 (GCVE-0-2006-5913)
Vulnerability from cvelistv5
Published
2006-11-15 15:00
Modified
2024-08-07 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:30.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061107 Re: IE7 website security certificate discrediting exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061107 Re: IE7 website security certificate discrediting exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061107 Re: IE7 website security certificate discrediting exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" }, { "name": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541", "refsource": "MISC", "url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5913", "datePublished": "2006-11-15T15:00:00", "dateReserved": "2006-11-15T00:00:00", "dateUpdated": "2024-08-07T20:12:30.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0475 (GCVE-0-2004-0475)
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:15.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10348" }, { "name": "20040513 Showhelp() local CHM file execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "name": "ie-showhelp-chm-execution(16147)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10348" }, { "name": "20040513 Showhelp() local CHM file execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "name": "ie-showhelp-chm-execution(16147)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10348" }, { "name": "20040513 Showhelp() local CHM file execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/363202" }, { "name": "ie-showhelp-chm-execution(16147)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0475", "datePublished": "2004-05-20T04:00:00", "dateReserved": "2004-05-17T00:00:00", "dateUpdated": "2024-08-08T00:17:15.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1545 (GCVE-0-2012-1545)
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/vupen/statuses/177895844828291073" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-03-09T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/vupen/statuses/177895844828291073" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://pwn2own.zerodayinitiative.com/status.html", "refsource": "MISC", "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "name": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars", "refsource": "MISC", "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "name": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621", "refsource": "MISC", "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" }, { "name": "http://twitter.com/vupen/statuses/177895844828291073", "refsource": "MISC", "url": "http://twitter.com/vupen/statuses/177895844828291073" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1545", "datePublished": "2012-03-09T11:00:00Z", "dateReserved": "2012-03-09T00:00:00Z", "dateUpdated": "2024-09-17T02:01:01.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2382 (GCVE-0-2011-2382)
Vulnerability from cvelistv5
Published
2011-06-03 17:00
Modified
2024-09-17 02:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:33.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.networkworld.com/community/node/74259" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-06-03T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "tags": [ "x_refsource_MISC" ], "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "tags": [ "x_refsource_MISC" ], "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.networkworld.com/community/node/74259" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.informationweek.com/news/security/vulnerabilities/229700031", "refsource": "MISC", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388", "refsource": "MISC", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "name": "http://news.cnet.com/8301-1009_3-20066419-83.html", "refsource": "MISC", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/", "refsource": "MISC", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/", "refsource": "MISC", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "name": "http://www.youtube.com/watch?v=VsSkcnIFCxM", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt", "refsource": "MISC", "url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt" }, { "name": "http://www.networkworld.com/community/node/74259", "refsource": "MISC", "url": "http://www.networkworld.com/community/node/74259" }, { "name": "http://www.youtube.com/watch?v=V95CX-3JpK0", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt", "refsource": "MISC", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2382", "datePublished": "2011-06-03T17:00:00Z", "dateReserved": "2011-06-03T00:00:00Z", "dateUpdated": "2024-09-17T02:41:25.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0114 (GCVE-0-2003-0114)
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030203 internet explorer local file reading", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2" }, { "name": "oval:org.mitre.oval:def:963", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030203 internet explorer local file reading", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2" }, { "name": "oval:org.mitre.oval:def:963", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030203 internet explorer local file reading", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2" }, { "name": "oval:org.mitre.oval:def:963", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963" }, { "name": "MS03-015", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0114", "datePublished": "2003-04-26T04:00:00", "dateReserved": "2003-02-26T00:00:00", "dateUpdated": "2024-08-08T01:43:35.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2219 (GCVE-0-2004-2219)
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040815 NullyFake - Site Spoofing in MSIE", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" }, { "name": "12304", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12304" }, { "name": "8978", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/8978" }, { "name": "ie-address-bar-spoofing(17007)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" }, { "name": "1010957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010957" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040815 NullyFake - Site Spoofing in MSIE", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" }, { "name": "12304", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12304" }, { "name": "8978", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/8978" }, { "name": "ie-address-bar-spoofing(17007)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" }, { "tags": [ "x_refsource_MISC" ], "url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" }, { "name": "1010957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010957" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040815 NullyFake - Site Spoofing in MSIE", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" }, { "name": "12304", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12304" }, { "name": "8978", "refsource": "OSVDB", "url": "http://www.osvdb.org/8978" }, { "name": "ie-address-bar-spoofing(17007)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" }, { "name": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt", "refsource": "MISC", "url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" }, { "name": "1010957", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010957" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2219", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:13.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0344 (GCVE-0-2003-0344)
Vulnerability from cvelistv5
Published
2003-06-06 04:00
Modified
2024-08-08 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:50:47.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030604 Internet Explorer Object Type Property Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "name": "8943", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8943" }, { "name": "oval:org.mitre.oval:def:922", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" }, { "name": "20030709 IE Object Type Overflow Exploit", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "name": "MS03-020", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "name": "AD20030604", "tags": [ "third-party-advisory", "x_refsource_EEYE", "x_transferred" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "name": "VU#679556", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/679556" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-06-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030604 Internet Explorer Object Type Property Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "name": "8943", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8943" }, { "name": "oval:org.mitre.oval:def:922", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" }, { "name": "20030709 IE Object Type Overflow Exploit", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "name": "MS03-020", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "name": "AD20030604", "tags": [ "third-party-advisory", "x_refsource_EEYE" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "name": "VU#679556", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/679556" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0344", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030604 Internet Explorer Object Type Property Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "name": "8943", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8943" }, { "name": "oval:org.mitre.oval:def:922", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" }, { "name": "20030709 IE Object Type Overflow Exploit", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "name": "MS03-020", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "name": "AD20030604", "refsource": "EEYE", "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "name": "VU#679556", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/679556" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0344", "datePublished": "2003-06-06T04:00:00", "dateReserved": "2003-05-28T00:00:00", "dateUpdated": "2024-08-08T01:50:47.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0054 (GCVE-0-2005-0054)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:3196", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" }, { "name": "ie-file-url-encode(19214)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:3060", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" }, { "name": "oval:org.mitre.oval:def:1736", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" }, { "name": "20050209 Internet Explorer zone spoofing with encoded URLs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2" }, { "name": "oval:org.mitre.oval:def:3586", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" }, { "name": "oval:org.mitre.oval:def:1308", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" }, { "name": "VU#580299", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/580299" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:3196", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" }, { "name": "ie-file-url-encode(19214)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:3060", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" }, { "name": "oval:org.mitre.oval:def:1736", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" }, { "name": "20050209 Internet Explorer zone spoofing with encoded URLs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2" }, { "name": "oval:org.mitre.oval:def:3586", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" }, { "name": "oval:org.mitre.oval:def:1308", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" }, { "name": "VU#580299", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/580299" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0054", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:3196", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" }, { "name": "ie-file-url-encode(19214)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" }, { "name": "MS05-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:3060", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" }, { "name": "oval:org.mitre.oval:def:1736", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" }, { "name": "20050209 Internet Explorer zone spoofing with encoded URLs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2" }, { "name": "oval:org.mitre.oval:def:3586", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" }, { "name": "oval:org.mitre.oval:def:1308", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" }, { "name": "VU#580299", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/580299" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0054", "datePublished": "2005-02-08T05:00:00", "dateReserved": "2005-01-11T00:00:00", "dateUpdated": "2024-08-07T20:57:40.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0823 (GCVE-0-2003-0823)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "20030910 MSIE-\u003eHijackClick: 1+1=2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "name": "oval:org.mitre.oval:def:370", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "name": "oval:org.mitre.oval:def:371", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:588", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:733", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" }, { "name": "oval:org.mitre.oval:def:369", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "name": "oval:org.mitre.oval:def:368", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10192" }, { "name": "oval:org.mitre.oval:def:372", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "name": "1006036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1006036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#413886", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "20030910 MSIE-\u003eHijackClick: 1+1=2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "name": "oval:org.mitre.oval:def:370", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "name": "oval:org.mitre.oval:def:371", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:588", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:733", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" }, { "name": "oval:org.mitre.oval:def:369", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "name": "oval:org.mitre.oval:def:368", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10192" }, { "name": "oval:org.mitre.oval:def:372", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "name": "1006036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1006036" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0823", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#413886", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/413886" }, { "name": "20030910 MSIE-\u003eHijackClick: 1+1=2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "name": "oval:org.mitre.oval:def:370", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "name": "oval:org.mitre.oval:def:371", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "name": "MS03-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:588", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:733", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" }, { "name": "oval:org.mitre.oval:def:369", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "name": "oval:org.mitre.oval:def:368", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "name": "10192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10192" }, { "name": "oval:org.mitre.oval:def:372", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "name": "1006036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006036" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0823", "datePublished": "2004-01-14T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1388 (GCVE-0-2006-1388)
Vulnerability from cvelistv5
Published
2006-03-24 20:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:21.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:1591", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591" }, { "name": "ie-hta-file-execution(25394)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394" }, { "name": "19378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19378" }, { "name": "VU#434641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/434641" }, { "name": "oval:org.mitre.oval:def:1642", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642" }, { "name": "oval:org.mitre.oval:def:1774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "20060321 IE .hta vulnerability reported", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html" }, { "name": "oval:org.mitre.oval:def:1676", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17181", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17181" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://jeffrey.vanderstad.net/grasshopper/" }, { "name": "1015800", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015800" }, { "name": "24095", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24095" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1724", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:1591", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591" }, { "name": "ie-hta-file-execution(25394)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394" }, { "name": "19378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19378" }, { "name": "VU#434641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/434641" }, { "name": "oval:org.mitre.oval:def:1642", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642" }, { "name": "oval:org.mitre.oval:def:1774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "20060321 IE .hta vulnerability reported", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html" }, { "name": "oval:org.mitre.oval:def:1676", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676" }, { "tags": [ "x_refsource_MISC" ], "url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17181", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17181" }, { "tags": [ "x_refsource_MISC" ], "url": "http://jeffrey.vanderstad.net/grasshopper/" }, { "name": "1015800", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015800" }, { "name": "24095", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24095" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1724", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:1591", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591" }, { "name": "ie-hta-file-execution(25394)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394" }, { "name": "19378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19378" }, { "name": "VU#434641", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/434641" }, { "name": "oval:org.mitre.oval:def:1642", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642" }, { "name": "oval:org.mitre.oval:def:1774", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "20060321 IE .hta vulnerability reported", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html" }, { "name": "oval:org.mitre.oval:def:1676", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676" }, { "name": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed", "refsource": "MISC", "url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "17181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17181" }, { "name": "http://jeffrey.vanderstad.net/grasshopper/", "refsource": "MISC", "url": "http://jeffrey.vanderstad.net/grasshopper/" }, { "name": "1015800", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015800" }, { "name": "24095", "refsource": "OSVDB", "url": "http://www.osvdb.org/24095" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1724", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1388", "datePublished": "2006-03-24T20:00:00", "dateReserved": "2006-03-24T00:00:00", "dateUpdated": "2024-08-07T17:12:21.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0076 (GCVE-0-2008-0076)
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:24.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBST02314", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487" }, { "name": "TA08-043C", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28903" }, { "name": "27668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27668" }, { "name": "1019379", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019379" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "HPSBST02314", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487" }, { "name": "TA08-043C", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28903" }, { "name": "27668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27668" }, { "name": "1019379", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019379" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-0076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBST02314", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "SSRT080016", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5487", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487" }, { "name": "TA08-043C", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "name": "ADV-2008-0512", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "name": "MS08-010", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "name": "28903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28903" }, { "name": "27668", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27668" }, { "name": "1019379", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019379" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-0076", "datePublished": "2008-02-12T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:24.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1085 (GCVE-0-2008-1085)
Vulnerability from cvelistv5
Published
2008-04-08 23:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "TA08-099A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "name": "SSRT080048", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "name": "ADV-2008-1148", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1148/references" }, { "name": "HPSBST02329", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2007-100/advisory/" }, { "name": "MS08-024", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024" }, { "name": "1019801", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019801" }, { "name": "28552", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28552" }, { "name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:5563", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563" }, { "name": "27707", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27707" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "TA08-099A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "name": "SSRT080048", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "name": "ADV-2008-1148", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1148/references" }, { "name": "HPSBST02329", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2007-100/advisory/" }, { "name": "MS08-024", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024" }, { "name": "1019801", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019801" }, { "name": "28552", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28552" }, { "name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:5563", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563" }, { "name": "27707", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27707" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-1085", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "TA08-099A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "name": "SSRT080048", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "name": "ADV-2008-1148", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1148/references" }, { "name": "HPSBST02329", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "name": "http://secunia.com/secunia_research/2007-100/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2007-100/advisory/" }, { "name": "MS08-024", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024" }, { "name": "1019801", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019801" }, { "name": "28552", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28552" }, { "name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:5563", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563" }, { "name": "27707", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27707" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-1085", "datePublished": "2008-04-08T23:00:00", "dateReserved": "2008-02-28T00:00:00", "dateUpdated": "2024-08-07T08:08:57.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2383 (GCVE-0-2011-2383)
Vulnerability from cvelistv5
Published
2011-06-03 17:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:33.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "name": "MS11-057", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "name": "oval:org.mitre.oval:def:12820", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.networkworld.com/community/node/74259" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "name": "MS11-057", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "tags": [ "x_refsource_MISC" ], "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "tags": [ "x_refsource_MISC" ], "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "name": "oval:org.mitre.oval:def:12820", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.networkworld.com/community/node/74259" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.informationweek.com/news/security/vulnerabilities/229700031", "refsource": "MISC", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "name": "MS11-057", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388", "refsource": "MISC", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "name": "http://news.cnet.com/8301-1009_3-20066419-83.html", "refsource": "MISC", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/", "refsource": "MISC", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/", "refsource": "MISC", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "name": "oval:org.mitre.oval:def:12820", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "name": "http://www.youtube.com/watch?v=VsSkcnIFCxM", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt", "refsource": "MISC", "url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt" }, { "name": "http://www.networkworld.com/community/node/74259", "refsource": "MISC", "url": "http://www.networkworld.com/community/node/74259" }, { "name": "http://www.youtube.com/watch?v=V95CX-3JpK0", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt", "refsource": "MISC", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2383", "datePublished": "2011-06-03T17:00:00", "dateReserved": "2011-06-03T00:00:00", "dateUpdated": "2024-08-06T23:00:33.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2125 (GCVE-0-2002-2125)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-09-17 03:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-ssl-certificate-expired(10180)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "5778", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5778" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/292842" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-16T07:37:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-ssl-certificate-expired(10180)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "5778", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5778" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/292842" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-ssl-certificate-expired(10180)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10180.php" }, { "name": "5778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5778" }, { "name": "20020923 IE6 SSL Certificate Chain Verification", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/292842" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2125", "datePublished": "2005-11-16T07:37:00Z", "dateReserved": "2005-11-16T00:00:00Z", "dateUpdated": "2024-09-17T03:42:55.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2766 (GCVE-0-2006-2766)
Vulnerability from cvelistv5
Published
2006-06-02 10:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060531 Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "name": "VU#891204", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "name": "20384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20384" }, { "name": "ADV-2006-2088", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "name": "ie-mhtml-mid-bo(26810)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "name": "25949", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25949" }, { "name": "oval:org.mitre.oval:def:441", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" }, { "name": "1016654", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016654" }, { "name": "20060601 Re: Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "name": "MS06-043", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "18198", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18198" }, { "name": "20060601 RE: Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060531 Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "name": "VU#891204", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "name": "20384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20384" }, { "name": "ADV-2006-2088", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "name": "ie-mhtml-mid-bo(26810)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "name": "25949", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25949" }, { "name": "oval:org.mitre.oval:def:441", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" }, { "name": "1016654", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016654" }, { "name": "20060601 Re: Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "name": "MS06-043", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "18198", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18198" }, { "name": "20060601 RE: Internet explorer Vulnerbility", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060531 Internet explorer Vulnerbility", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "name": "VU#891204", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/891204" }, { "name": "20384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20384" }, { "name": "ADV-2006-2088", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "name": "ie-mhtml-mid-bo(26810)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "name": "25949", "refsource": "OSVDB", "url": "http://www.osvdb.org/25949" }, { "name": "oval:org.mitre.oval:def:441", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" }, { "name": "1016654", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016654" }, { "name": "20060601 Re: Internet explorer Vulnerbility", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "name": "MS06-043", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "18198", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18198" }, { "name": "20060601 RE: Internet explorer Vulnerbility", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2766", "datePublished": "2006-06-02T10:00:00", "dateReserved": "2006-06-01T00:00:00", "dateUpdated": "2024-08-07T17:58:51.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0979 (GCVE-0-2004-0979)
Vulnerability from cvelistv5
Published
2004-10-21 04:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:00.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-dragdrop-security-bypass(17820)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "VU#630720", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/630720" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-dragdrop-security-bypass(17820)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "VU#630720", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/630720" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-dragdrop-security-bypass(17820)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "VU#630720", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/630720" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0979", "datePublished": "2004-10-21T04:00:00", "dateReserved": "2004-10-20T00:00:00", "dateUpdated": "2024-08-08T00:39:00.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2378 (GCVE-0-2006-2378)
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:03.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "win-art-image-bo(26809)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "name": "oval:org.mitre.oval:def:1640", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "name": "26432", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26432" }, { "name": "oval:org.mitre.oval:def:1756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "name": "oval:org.mitre.oval:def:1668", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "name": "TA06-164A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "name": "20605", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20605" }, { "name": "MS06-022", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "name": "VU#923236", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "name": "18394", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18394" }, { "name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "name": "ADV-2006-2320", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "name": "oval:org.mitre.oval:def:1866", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" }, { "name": "1016292", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016292" }, { "name": "oval:org.mitre.oval:def:1590", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "win-art-image-bo(26809)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "name": "oval:org.mitre.oval:def:1640", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "name": "26432", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26432" }, { "name": "oval:org.mitre.oval:def:1756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "name": "oval:org.mitre.oval:def:1668", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "name": "TA06-164A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "name": "20605", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20605" }, { "name": "MS06-022", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "name": "VU#923236", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "name": "18394", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18394" }, { "name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "name": "ADV-2006-2320", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "name": "oval:org.mitre.oval:def:1866", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" }, { "name": "1016292", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016292" }, { "name": "oval:org.mitre.oval:def:1590", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-2378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "win-art-image-bo(26809)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "name": "oval:org.mitre.oval:def:1640", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "name": "26432", "refsource": "OSVDB", "url": "http://www.osvdb.org/26432" }, { "name": "oval:org.mitre.oval:def:1756", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "name": "oval:org.mitre.oval:def:1668", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "name": "TA06-164A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "name": "20605", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20605" }, { "name": "MS06-022", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "name": "VU#923236", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/923236" }, { "name": "18394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18394" }, { "name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "name": "ADV-2006-2320", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "name": "oval:org.mitre.oval:def:1866", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" }, { "name": "1016292", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016292" }, { "name": "oval:org.mitre.oval:def:1590", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-2378", "datePublished": "2006-06-13T19:00:00", "dateReserved": "2006-05-15T00:00:00", "dateUpdated": "2024-08-07T17:51:03.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0869 (GCVE-0-2004-0869)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://securityfocus.com/archive/1/375407" }, { "name": "1011332", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011332" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "name": "web-browser-cookie-session-hijack(17417)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://securityfocus.com/archive/1/375407" }, { "name": "1011332", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1011332" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "name": "web-browser-cookie-session-hijack(17417)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://securityfocus.com/archive/1/375407" }, { "name": "1011332", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011332" }, { "name": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", "refsource": "MISC", "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "name": "web-browser-cookie-session-hijack(17417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0869", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2004-09-14T00:00:00", "dateUpdated": "2024-08-08T00:31:47.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2291 (GCVE-0-2004-2291)
Vulnerability from cvelistv5
Published
2005-08-04 04:00
Modified
2024-09-16 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9335" }, { "name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348688" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-08-04T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9335" }, { "name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348688" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9335" }, { "name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348688" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2291", "datePublished": "2005-08-04T04:00:00Z", "dateReserved": "2005-08-04T00:00:00Z", "dateUpdated": "2024-09-16T23:41:08.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1050 (GCVE-0-2004-1050)
Vulnerability from cvelistv5
Published
2004-11-18 05:00
Modified
2024-08-08 00:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:38:59.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#842160", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/842160" }, { "name": "20041023 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html" }, { "name": "MS04-040", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040" }, { "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2" }, { "name": "11515", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11515" }, { "name": "oval:org.mitre.oval:def:1294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294" }, { "name": "20041025 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html" }, { "name": "TA04-315A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html" }, { "name": "ie-iframe-src-name-bo(17889)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889" }, { "name": "12959", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12959/" }, { "name": "20041024 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/379261" }, { "name": "TA04-336A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#842160", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/842160" }, { "name": "20041023 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html" }, { "name": "MS04-040", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040" }, { "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2" }, { "name": "11515", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11515" }, { "name": "oval:org.mitre.oval:def:1294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294" }, { "name": "20041025 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html" }, { "name": "TA04-315A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html" }, { "name": "ie-iframe-src-name-bo(17889)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889" }, { "name": "12959", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12959/" }, { "name": "20041024 python does mangleme (with IE bugs!)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/379261" }, { "name": "TA04-336A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#842160", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/842160" }, { "name": "20041023 python does mangleme (with IE bugs!)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html" }, { "name": "MS04-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040" }, { "name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2" }, { "name": "11515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11515" }, { "name": "oval:org.mitre.oval:def:1294", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294" }, { "name": "20041025 python does mangleme (with IE bugs!)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html" }, { "name": "TA04-315A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html" }, { "name": "ie-iframe-src-name-bo(17889)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889" }, { "name": "12959", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12959/" }, { "name": "20041024 python does mangleme (with IE bugs!)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/379261" }, { "name": "TA04-336A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1050", "datePublished": "2004-11-18T05:00:00", "dateReserved": "2004-11-17T00:00:00", "dateUpdated": "2024-08-08T00:38:59.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2434 (GCVE-0-2004-2434)
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:29:12.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8335", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/8335" }, { "name": "1010491", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010491" }, { "name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html" }, { "name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html" }, { "name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html" }, { "name": "ie-null-pointer-dos(16420)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8335", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/8335" }, { "name": "1010491", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010491" }, { "name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html" }, { "name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html" }, { "name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html" }, { "name": "ie-null-pointer-dos(16420)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8335", "refsource": "OSVDB", "url": "http://www.osvdb.org/8335" }, { "name": "1010491", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010491" }, { "name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html" }, { "name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html" }, { "name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html" }, { "name": "ie-null-pointer-dos(16420)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420" }, { "name": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2434", "datePublished": "2005-08-18T04:00:00", "dateReserved": "2005-08-18T00:00:00", "dateUpdated": "2024-08-08T01:29:12.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2831 (GCVE-0-2005-2831)
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1015348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015348" }, { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18064" }, { "name": "15827", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15827" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "oval:org.mitre.oval:def:1597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597" }, { "name": "TA05-347A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1475", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475" }, { "name": "oval:org.mitre.oval:def:1520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520" }, { "name": "oval:org.mitre.oval:def:1426", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426" }, { "name": "oval:org.mitre.oval:def:1558", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558" }, { "name": "oval:org.mitre.oval:def:1543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18311" }, { "name": "win-com-activex-execute-code(23453)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453" }, { "name": "21763", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21763" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1015348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015348" }, { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18064" }, { "name": "15827", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15827" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "oval:org.mitre.oval:def:1597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597" }, { "name": "TA05-347A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1475", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475" }, { "name": "oval:org.mitre.oval:def:1520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520" }, { "name": "oval:org.mitre.oval:def:1426", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426" }, { "name": "oval:org.mitre.oval:def:1558", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558" }, { "name": "oval:org.mitre.oval:def:1543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18311" }, { "name": "win-com-activex-execute-code(23453)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453" }, { "name": "21763", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21763" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1015348", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015348" }, { "name": "18064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18064" }, { "name": "15827", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15827" }, { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "oval:org.mitre.oval:def:1597", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597" }, { "name": "TA05-347A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html" }, { "name": "MS05-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1475", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475" }, { "name": "oval:org.mitre.oval:def:1520", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520" }, { "name": "oval:org.mitre.oval:def:1426", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426" }, { "name": "oval:org.mitre.oval:def:1558", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558" }, { "name": "oval:org.mitre.oval:def:1543", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "18311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18311" }, { "name": "win-com-activex-execute-code(23453)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453" }, { "name": "21763", "refsource": "OSVDB", "url": "http://www.osvdb.org/21763" }, { "name": "ADV-2005-2867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420", "refsource": "MISC", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2831", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-09-07T00:00:00", "dateUpdated": "2024-08-07T22:45:02.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0056 (GCVE-0-2005-0056)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:2817", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817" }, { "name": "oval:org.mitre.oval:def:2385", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "12427", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12427" }, { "name": "ie-cdf-execute-code(19137)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "1013126", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013126" }, { "name": "oval:org.mitre.oval:def:4085", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085" }, { "name": "oval:org.mitre.oval:def:4947", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947" }, { "name": "VU#823971", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/823971" }, { "name": "oval:org.mitre.oval:def:3318", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:2817", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817" }, { "name": "oval:org.mitre.oval:def:2385", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "12427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12427" }, { "name": "ie-cdf-execute-code(19137)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "1013126", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013126" }, { "name": "oval:org.mitre.oval:def:4085", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085" }, { "name": "oval:org.mitre.oval:def:4947", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947" }, { "name": "VU#823971", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/823971" }, { "name": "oval:org.mitre.oval:def:3318", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:2817", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817" }, { "name": "oval:org.mitre.oval:def:2385", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385" }, { "name": "MS05-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "TA05-039A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "12427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12427" }, { "name": "ie-cdf-execute-code(19137)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "1013126", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013126" }, { "name": "oval:org.mitre.oval:def:4085", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085" }, { "name": "oval:org.mitre.oval:def:4947", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947" }, { "name": "VU#823971", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/823971" }, { "name": "oval:org.mitre.oval:def:3318", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0056", "datePublished": "2005-02-08T05:00:00", "dateReserved": "2005-01-11T00:00:00", "dateUpdated": "2024-08-07T20:57:40.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5578 (GCVE-0-2006-5578)
Vulnerability from cvelistv5
Published
2006-12-12 20:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:53.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4966", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23288" }, { "name": "VU#694344", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/694344" }, { "name": "oval:org.mitre.oval:def:337", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337" }, { "name": "TA06-346A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017374" }, { "name": "21494", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21494" }, { "name": "SSRT061288", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30815", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ADV-2006-4966", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23288" }, { "name": "VU#694344", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/694344" }, { "name": "oval:org.mitre.oval:def:337", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337" }, { "name": "TA06-346A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017374" }, { "name": "21494", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21494" }, { "name": "SSRT061288", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30815", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30815" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-5578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4966", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23288" }, { "name": "VU#694344", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/694344" }, { "name": "oval:org.mitre.oval:def:337", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337" }, { "name": "TA06-346A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017374" }, { "name": "21494", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21494" }, { "name": "SSRT061288", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30815", "refsource": "OSVDB", "url": "http://www.osvdb.org/30815" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-5578", "datePublished": "2006-12-12T20:00:00", "dateReserved": "2006-10-27T00:00:00", "dateUpdated": "2024-08-07T19:55:53.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4777 (GCVE-0-2006-4777)
Vulnerability from cvelistv5
Published
2006-09-14 00:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016854", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016854" }, { "name": "21910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21910" }, { "name": "1577", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1577" }, { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/advisory/925444.mspx" }, { "name": "ADV-2006-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3593" }, { "name": "28842", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28842" }, { "name": "20060918 Re: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded" }, { "name": "20060915 RE: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded" }, { "name": "VU#377369", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/377369" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20" }, { "name": "ie-directanimation-code-execution(28942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942" }, { "name": "20047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20047" }, { "name": "20060915 Fwd: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1103", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded" }, { "name": "20060915 Re: Fwd: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1016854", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016854" }, { "name": "21910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21910" }, { "name": "1577", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1577" }, { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.microsoft.com/technet/security/advisory/925444.mspx" }, { "name": "ADV-2006-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3593" }, { "name": "28842", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28842" }, { "name": "20060918 Re: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded" }, { "name": "20060915 RE: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded" }, { "name": "VU#377369", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/377369" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20" }, { "name": "ie-directanimation-code-execution(28942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942" }, { "name": "20047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20047" }, { "name": "20060915 Fwd: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1103", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded" }, { "name": "20060915 Re: Fwd: IE ActiveX 0day?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1016854", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016854" }, { "name": "21910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21910" }, { "name": "1577", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1577" }, { "name": "TA06-318A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "http://www.microsoft.com/technet/security/advisory/925444.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/925444.mspx" }, { "name": "ADV-2006-3593", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3593" }, { "name": "28842", "refsource": "OSVDB", "url": "http://www.osvdb.org/28842" }, { "name": "20060918 Re: IE ActiveX 0day?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded" }, { "name": "20060915 RE: IE ActiveX 0day?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded" }, { "name": "VU#377369", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/377369" }, { "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20" }, { "name": "ie-directanimation-code-execution(28942)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942" }, { "name": "20047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20047" }, { "name": "20060915 Fwd: IE ActiveX 0day?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1103", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103" }, { "name": "MS06-067", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded" }, { "name": "20060915 Re: Fwd: IE ActiveX 0day?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4777", "datePublished": "2006-09-14T00:00:00", "dateReserved": "2006-09-13T00:00:00", "dateUpdated": "2024-08-07T19:23:41.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0942 (GCVE-0-2007-0942)
Vulnerability from cvelistv5
Published
2007-05-08 23:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:1939", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939" }, { "name": "HPSBST02214", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "34399", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/34399" }, { "name": "ie-chtskdic-com-code-execution(33252)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252" }, { "name": "1018019", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23769" }, { "name": "TA07-128A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:1939", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939" }, { "name": "HPSBST02214", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "34399", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/34399" }, { "name": "ie-chtskdic-com-code-execution(33252)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252" }, { "name": "1018019", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23769" }, { "name": "TA07-128A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:1939", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939" }, { "name": "HPSBST02214", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "ADV-2007-1712", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "name": "34399", "refsource": "OSVDB", "url": "http://www.osvdb.org/34399" }, { "name": "ie-chtskdic-com-code-execution(33252)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252" }, { "name": "1018019", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018019" }, { "name": "SSRT071422", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "name": "MS07-027", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "name": "23769", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23769" }, { "name": "TA07-128A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0942", "datePublished": "2007-05-08T23:00:00", "dateReserved": "2007-02-14T00:00:00", "dateUpdated": "2024-08-07T12:34:21.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2830 (GCVE-0-2005-2830)
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18064" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1101", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101" }, { "name": "1015350", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015350" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "oval:org.mitre.oval:def:1097", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097" }, { "name": "oval:org.mitre.oval:def:1435", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18311" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "oval:org.mitre.oval:def:1143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143" }, { "name": "ie-https-proxy-information-disclosure(23451)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451" }, { "name": "15825", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15825" }, { "name": "oval:org.mitre.oval:def:1317", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317" }, { "name": "oval:org.mitre.oval:def:1521", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "18064", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18064" }, { "name": "MS05-054", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1101", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101" }, { "name": "1015350", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015350" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "oval:org.mitre.oval:def:1097", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097" }, { "name": "oval:org.mitre.oval:def:1435", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435" }, { "name": "18311", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18311" }, { "name": "ADV-2005-2867", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "oval:org.mitre.oval:def:1143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143" }, { "name": "ie-https-proxy-information-disclosure(23451)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451" }, { "name": "15825", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15825" }, { "name": "oval:org.mitre.oval:def:1317", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317" }, { "name": "oval:org.mitre.oval:def:1521", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18064" }, { "name": "MS05-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "name": "oval:org.mitre.oval:def:1101", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101" }, { "name": "1015350", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015350" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "name": "15368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15368" }, { "name": "ADV-2005-2909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "name": "oval:org.mitre.oval:def:1097", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097" }, { "name": "oval:org.mitre.oval:def:1435", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435" }, { "name": "18311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18311" }, { "name": "ADV-2005-2867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "name": "oval:org.mitre.oval:def:1143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143" }, { "name": "ie-https-proxy-information-disclosure(23451)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451" }, { "name": "15825", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15825" }, { "name": "oval:org.mitre.oval:def:1317", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317" }, { "name": "oval:org.mitre.oval:def:1521", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521" }, { "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420", "refsource": "MISC", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2830", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-09-07T00:00:00", "dateUpdated": "2024-08-07T22:45:02.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4717 (GCVE-0-2005-4717)
Vulnerability from cvelistv5
Published
2006-02-15 11:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051101 new IE bug (confirmed on ALL windows)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "name": "20051104 RE: new IE bug (confirmed on ALL windows)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "name": "15268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-02-15T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051101 new IE bug (confirmed on ALL windows)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "name": "20051104 RE: new IE bug (confirmed on ALL windows)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "name": "15268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15268" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051101 new IE bug (confirmed on ALL windows)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "name": "20051104 RE: new IE bug (confirmed on ALL windows)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "name": "15268", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15268" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4717", "datePublished": "2006-02-15T11:00:00Z", "dateReserved": "2006-02-15T00:00:00Z", "dateUpdated": "2024-09-16T18:33:15.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0989 (GCVE-0-1999-0989)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:29.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "861", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "861", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "861", "refsource": "BID", "url": "http://www.securityfocus.com/bid/861" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0989", "datePublished": "2000-01-04T05:00:00", "dateReserved": "1999-12-14T00:00:00", "dateUpdated": "2024-08-01T16:55:29.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2433 (GCVE-0-2009-2433)
Vulnerability from cvelistv5
Published
2009-07-10 20:25
Modified
2024-08-07 05:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:14.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:12829", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" }, { "name": "9100", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9100" }, { "name": "35620", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35620" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:12829", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" }, { "name": "9100", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9100" }, { "name": "35620", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35620" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:12829", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" }, { "name": "9100", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9100" }, { "name": "35620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35620" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2433", "datePublished": "2009-07-10T20:25:00", "dateReserved": "2009-07-10T00:00:00", "dateUpdated": "2024-08-07T05:52:14.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3873 (GCVE-0-2006-3873)
Vulnerability from cvelistv5
Published
2006-09-12 23:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-url-compression-bo(28893)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "1555", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1555" }, { "name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "name": "1016839", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016839" }, { "name": "19987", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19987" }, { "name": "30834", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30834" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ie-url-compression-bo(28893)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "1555", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1555" }, { "name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "name": "1016839", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016839" }, { "name": "19987", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19987" }, { "name": "30834", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30834" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-url-compression-bo(28893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "1555", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1555" }, { "name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "name": "http://research.eeye.com/html/advisories/published/AD20060912.html", "refsource": "MISC", "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "name": "http://weblog.infoworld.com/techwatch/archives/007870.html", "refsource": "MISC", "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "name": "1016839", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016839" }, { "name": "19987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19987" }, { "name": "30834", "refsource": "OSVDB", "url": "http://www.osvdb.org/30834" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3873", "datePublished": "2006-09-12T23:00:00", "dateReserved": "2006-07-26T00:00:00", "dateUpdated": "2024-08-07T18:48:39.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5347 (GCVE-0-2007-5347)
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:4332", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28036" }, { "name": "ie-dhtml-object-code-execution(38716)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716" }, { "name": "26427", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26427" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:4332", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332" }, { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28036" }, { "name": "ie-dhtml-object-code-execution(38716)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716" }, { "name": "26427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26427" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-5347", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:4332", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332" }, { "name": "1019078", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019078" }, { "name": "SSRT071506", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28036" }, { "name": "ie-dhtml-object-code-execution(38716)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716" }, { "name": "26427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26427" }, { "name": "MS07-069", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "TA07-345A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-5347", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:24:42.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0815 (GCVE-0-2003-0815)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "O-021", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "name": "oval:org.mitre.oval:def:351", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "name": "ie-pointer-zone-bypass(13676)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "name": "oval:org.mitre.oval:def:472", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" }, { "name": "7889", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7889" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1007687" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "name": "oval:org.mitre.oval:def:353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "name": "oval:org.mitre.oval:def:359", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "name": "20030910 MSIE-\u003eFindeath: break caller-based authorization", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "name": "oval:org.mitre.oval:def:356", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "name": "9014", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9014" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "name": "oval:org.mitre.oval:def:357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "name": "oval:org.mitre.oval:def:352", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "name": "7888", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7888" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "O-021", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "name": "oval:org.mitre.oval:def:351", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "name": "ie-pointer-zone-bypass(13676)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "name": "oval:org.mitre.oval:def:472", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" }, { "name": "7889", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7889" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1007687" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "name": "oval:org.mitre.oval:def:353", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "name": "oval:org.mitre.oval:def:359", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "name": "20030910 MSIE-\u003eFindeath: break caller-based authorization", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "name": "oval:org.mitre.oval:def:356", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "name": "9014", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9014" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "name": "oval:org.mitre.oval:def:357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "name": "oval:org.mitre.oval:def:352", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "name": "7888", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7888" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10192" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "O-021", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "name": "oval:org.mitre.oval:def:351", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "name": "ie-pointer-zone-bypass(13676)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "name": "oval:org.mitre.oval:def:472", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" }, { "name": "7889", "refsource": "OSVDB", "url": "http://www.osvdb.org/7889" }, { "name": "MS03-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007687" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "name": "oval:org.mitre.oval:def:353", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "name": "oval:org.mitre.oval:def:359", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "name": "20030910 MSIE-\u003eFindeath: break caller-based authorization", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "name": "oval:org.mitre.oval:def:356", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "name": "9014", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9014" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "name": "oval:org.mitre.oval:def:357", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "name": "oval:org.mitre.oval:def:352", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "name": "7888", "refsource": "OSVDB", "url": "http://www.osvdb.org/7888" }, { "name": "10192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10192" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0815", "datePublished": "2004-01-14T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4679 (GCVE-0-2005-4679)
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17565", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-02-01T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17565", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17565" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17565", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17565" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4679", "datePublished": "2006-02-01T02:00:00Z", "dateReserved": "2006-01-31T00:00:00Z", "dateUpdated": "2024-09-16T18:49:01.301Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1328 (GCVE-0-2003-1328)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:01.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:57", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57" }, { "name": "N-038", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "6780", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6780" }, { "name": "VU#400577", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/400577" }, { "name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html" }, { "name": "ie-showhelp-zone-bypass(11259)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11259.php" }, { "name": "MS03-004", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:57", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57" }, { "name": "N-038", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "6780", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6780" }, { "name": "VU#400577", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/400577" }, { "name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html" }, { "name": "ie-showhelp-zone-bypass(11259)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11259.php" }, { "name": "MS03-004", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:57", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57" }, { "name": "N-038", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "name": "6780", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6780" }, { "name": "VU#400577", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/400577" }, { "name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html" }, { "name": "ie-showhelp-zone-bypass(11259)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11259.php" }, { "name": "MS03-004", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1328", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-06T00:00:00", "dateUpdated": "2024-08-08T02:28:01.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2281 (GCVE-0-2008-2281)
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:00.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "5619", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5619" }, { "name": "ie-printtableoflinks-code-execution(42416)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" }, { "name": "ADV-2008-1529", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1529/references" }, { "name": "30141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30141" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" }, { "name": "29217", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29217" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "5619", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5619" }, { "name": "ie-printtableoflinks-code-execution(42416)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" }, { "name": "ADV-2008-1529", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1529/references" }, { "name": "30141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30141" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" }, { "name": "29217", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29217" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "5619", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5619" }, { "name": "ie-printtableoflinks-code-execution(42416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" }, { "name": "ADV-2008-1529", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1529/references" }, { "name": "30141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30141" }, { "name": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx", "refsource": "MISC", "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" }, { "name": "29217", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29217" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2281", "datePublished": "2008-05-18T14:00:00", "dateReserved": "2008-05-18T00:00:00", "dateUpdated": "2024-08-07T08:58:00.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0532 (GCVE-0-2003-0532)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#865940", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/865940" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#865940", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/865940" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#865940", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/865940" }, { "name": "MS03-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "http://www.eeye.com/html/Research/Advisories/AD20030820.html", "refsource": "MISC", "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" }, { "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0532", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-08T00:00:00", "dateUpdated": "2024-08-08T01:58:11.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0053 (GCVE-0-2005-0053)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS05-008", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "name": "oval:org.mitre.oval:def:4726", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:4864", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" }, { "name": "oval:org.mitre.oval:def:1334", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "name": "oval:org.mitre.oval:def:2046", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "name": "oval:org.mitre.oval:def:2953", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "VU#698835", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "name": "oval:org.mitre.oval:def:1015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "name": "11466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11466" }, { "name": "oval:org.mitre.oval:def:3006", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "name": "ie-dragdrop-gain-privileges(19117)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS05-008", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "name": "oval:org.mitre.oval:def:4726", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:4864", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" }, { "name": "oval:org.mitre.oval:def:1334", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "name": "oval:org.mitre.oval:def:2046", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "name": "oval:org.mitre.oval:def:2953", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "VU#698835", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "name": "oval:org.mitre.oval:def:1015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "name": "11466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11466" }, { "name": "oval:org.mitre.oval:def:3006", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "name": "ie-dragdrop-gain-privileges(19117)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS05-008", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "name": "oval:org.mitre.oval:def:4726", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "name": "MS05-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:4864", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" }, { "name": "oval:org.mitre.oval:def:1334", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "name": "oval:org.mitre.oval:def:2046", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "name": "oval:org.mitre.oval:def:2953", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "name": "TA05-039A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "VU#698835", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/698835" }, { "name": "oval:org.mitre.oval:def:1015", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "name": "11466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11466" }, { "name": "oval:org.mitre.oval:def:3006", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "name": "ie-dragdrop-gain-privileges(19117)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0053", "datePublished": "2005-02-08T05:00:00", "dateReserved": "2005-01-11T00:00:00", "dateUpdated": "2024-08-07T20:57:41.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4495 (GCVE-0-2006-4495)
Vulnerability from cvelistv5
Published
2006-08-31 22:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1474", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1474" }, { "name": "19636", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19636" }, { "name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "name": "ie-win2k-com-dos(28512)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1474", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1474" }, { "name": "19636", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19636" }, { "name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "name": "ie-win2k-com-dos(28512)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1474", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1474" }, { "name": "19636", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19636" }, { "name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "name": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16", "refsource": "MISC", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "name": "ie-win2k-com-dos(28512)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4495", "datePublished": "2006-08-31T22:00:00", "dateReserved": "2006-08-31T00:00:00", "dateUpdated": "2024-08-07T19:14:47.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0356 (GCVE-0-2007-0356)
Vulnerability from cvelistv5
Published
2007-01-19 01:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:18.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22092", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22092" }, { "name": "3142", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3142" }, { "name": "ie-ccrp-dos(31549)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22092", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22092" }, { "name": "3142", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3142" }, { "name": "ie-ccrp-dos(31549)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22092" }, { "name": "3142", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3142" }, { "name": "ie-ccrp-dos(31549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0356", "datePublished": "2007-01-19T01:00:00", "dateReserved": "2007-01-18T00:00:00", "dateUpdated": "2024-08-07T12:12:18.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0811 (GCVE-0-2007-0811)
Vulnerability from cvelistv5
Published
2007-02-07 11:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37636", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37636" }, { "name": "22408", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22408" }, { "name": "3272", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3272" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37636", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37636" }, { "name": "22408", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22408" }, { "name": "3272", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3272" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0811", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37636", "refsource": "OSVDB", "url": "http://osvdb.org/37636" }, { "name": "22408", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22408" }, { "name": "3272", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3272" }, { "name": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html", "refsource": "MISC", "url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0811", "datePublished": "2007-02-07T11:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2024-08-07T12:34:21.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1185 (GCVE-0-2006-1185)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1677", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" }, { "name": "oval:org.mitre.oval:def:787", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1711", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" }, { "name": "17450", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17450" }, { "name": "ie-html-execute-code(25542)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" }, { "name": "VU#503124", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/503124" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1677", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" }, { "name": "oval:org.mitre.oval:def:787", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1711", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" }, { "name": "17450", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17450" }, { "name": "ie-html-execute-code(25542)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" }, { "name": "VU#503124", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/503124" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1677", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" }, { "name": "oval:org.mitre.oval:def:787", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1711", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" }, { "name": "17450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17450" }, { "name": "ie-html-execute-code(25542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" }, { "name": "VU#503124", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/503124" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1185", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2024-08-07T17:03:28.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0513 (GCVE-0-2003-0513)
Vulnerability from cvelistv5
Published
2004-03-16 05:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" }, { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-03-18T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" }, { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" }, { "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0513", "datePublished": "2004-03-16T05:00:00", "dateReserved": "2003-07-07T00:00:00", "dateUpdated": "2024-08-08T01:58:10.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0701 (GCVE-0-2003-0701)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#334928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/334928" }, { "name": "ie-dbcs-object-bo(12970)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#334928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/334928" }, { "name": "ie-dbcs-object-bo(12970)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#334928", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/334928" }, { "name": "ie-dbcs-object-bo(12970)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" }, { "name": "MS03-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0701", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-08-21T00:00:00", "dateUpdated": "2024-08-08T02:05:12.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1303 (GCVE-0-2006-1303)
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18328" }, { "name": "oval:org.mitre.oval:def:1135", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" }, { "name": "20595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" }, { "name": "ie-wmm2fxadll-execute-code(26774)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" }, { "name": "oval:org.mitre.oval:def:1767", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" }, { "name": "oval:org.mitre.oval:def:2017", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" }, { "name": "oval:org.mitre.oval:def:1973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" }, { "name": "oval:org.mitre.oval:def:1928", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" }, { "name": "oval:org.mitre.oval:def:1830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "26442", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26442" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "18328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18328" }, { "name": "oval:org.mitre.oval:def:1135", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" }, { "name": "VU#959049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" }, { "name": "20595", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" }, { "name": "ie-wmm2fxadll-execute-code(26774)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" }, { "name": "oval:org.mitre.oval:def:1767", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" }, { "name": "oval:org.mitre.oval:def:2017", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" }, { "name": "oval:org.mitre.oval:def:1973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" }, { "name": "oval:org.mitre.oval:def:1928", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" }, { "name": "oval:org.mitre.oval:def:1830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "26442", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26442" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18328" }, { "name": "oval:org.mitre.oval:def:1135", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" }, { "name": "VU#959049", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/959049" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" }, { "name": "20595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20595" }, { "name": "ADV-2006-2319", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016291" }, { "name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" }, { "name": "ie-wmm2fxadll-execute-code(26774)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" }, { "name": "oval:org.mitre.oval:def:1767", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" }, { "name": "oval:org.mitre.oval:def:2017", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" }, { "name": "oval:org.mitre.oval:def:1973", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" }, { "name": "oval:org.mitre.oval:def:1928", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" }, { "name": "oval:org.mitre.oval:def:1830", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" }, { "name": "MS06-021", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "name": "26442", "refsource": "OSVDB", "url": "http://www.osvdb.org/26442" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1303", "datePublished": "2006-06-13T19:00:00", "dateReserved": "2006-03-20T00:00:00", "dateUpdated": "2024-08-07T17:03:28.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4560 (GCVE-0-2006-4560)
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" }, { "name": "31329", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31329" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://shampoo.antville.org/stories/1451301/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://polyboy.net/xss/dnsslurp.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" }, { "name": "31329", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31329" }, { "tags": [ "x_refsource_MISC" ], "url": "http://shampoo.antville.org/stories/1451301/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://polyboy.net/xss/dnsslurp.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" }, { "name": "31329", "refsource": "OSVDB", "url": "http://www.osvdb.org/31329" }, { "name": "http://shampoo.antville.org/stories/1451301/", "refsource": "MISC", "url": "http://shampoo.antville.org/stories/1451301/" }, { "name": "http://polyboy.net/xss/dnsslurp.html", "refsource": "MISC", "url": "http://polyboy.net/xss/dnsslurp.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4560", "datePublished": "2006-09-06T00:00:00", "dateReserved": "2006-09-05T00:00:00", "dateUpdated": "2024-08-07T19:14:47.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3903 (GCVE-0-2007-3903)
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:06.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28036" }, { "name": "oval:org.mitre.oval:def:4553", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "ie-clonenode-nodevalue-code-execution(38714)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "26816", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26816" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1019078", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html" }, { "name": "SSRT071506", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28036" }, { "name": "oval:org.mitre.oval:def:4553", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553" }, { "name": "MS07-069", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "ie-clonenode-nodevalue-code-execution(38714)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714" }, { "name": "TA07-345A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "26816", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26816" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-3903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1019078", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019078" }, { "name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html" }, { "name": "SSRT071506", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "28036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28036" }, { "name": "oval:org.mitre.oval:def:4553", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553" }, { "name": "MS07-069", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "name": "ADV-2007-4184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "name": "HPSBST02299", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "name": "ie-clonenode-nodevalue-code-execution(38714)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714" }, { "name": "TA07-345A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "name": "26816", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26816" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-3903", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-07-19T00:00:00", "dateUpdated": "2024-08-07T14:37:06.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0816 (GCVE-0-2003-0816)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030910 MSIE-\u003eWsFakeSrc", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2" }, { "name": "20030910 MSIE-\u003eWsOpenJpuInHistory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html" }, { "name": "oval:org.mitre.oval:def:362", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362" }, { "name": "oval:org.mitre.oval:def:361", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361" }, { "name": "oval:org.mitre.oval:def:416", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416" }, { "name": "20030910 MSIE-\u003eWsBASEjpu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" }, { "name": "20030910 MSIE-\u003eNAFjpuInHistory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2" }, { "name": "VU#771604", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/771604" }, { "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1007687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409" }, { "name": "oval:org.mitre.oval:def:479", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" }, { "name": "oval:org.mitre.oval:def:459", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459" }, { "name": "20030910 MSIE-\u003eNAFfileJPU", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/336937" }, { "name": "20030910 MSIE-\u003eWsOpenFileJPU", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2" }, { "name": "20030910 MSIE-\u003eRefBack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" }, { "name": "oval:org.mitre.oval:def:363", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10192" }, { "name": "VU#652452", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/652452" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030910 MSIE-\u003eWsFakeSrc", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2" }, { "name": "20030910 MSIE-\u003eWsOpenJpuInHistory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html" }, { "name": "oval:org.mitre.oval:def:362", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362" }, { "name": "oval:org.mitre.oval:def:361", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361" }, { "name": "oval:org.mitre.oval:def:416", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416" }, { "name": "20030910 MSIE-\u003eWsBASEjpu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" }, { "name": "20030910 MSIE-\u003eNAFjpuInHistory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2" }, { "name": "VU#771604", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/771604" }, { "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1007687" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409" }, { "name": "oval:org.mitre.oval:def:479", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" }, { "name": "oval:org.mitre.oval:def:459", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459" }, { "name": "20030910 MSIE-\u003eNAFfileJPU", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/336937" }, { "name": "20030910 MSIE-\u003eWsOpenFileJPU", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2" }, { "name": "20030910 MSIE-\u003eRefBack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" }, { "name": "oval:org.mitre.oval:def:363", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10192" }, { "name": "VU#652452", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/652452" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030910 MSIE-\u003eWsFakeSrc", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2" }, { "name": "20030910 MSIE-\u003eWsOpenJpuInHistory", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html" }, { "name": "oval:org.mitre.oval:def:362", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362" }, { "name": "oval:org.mitre.oval:def:361", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361" }, { "name": "oval:org.mitre.oval:def:416", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416" }, { "name": "20030910 MSIE-\u003eWsBASEjpu", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2" }, { "name": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" }, { "name": "20030910 MSIE-\u003eNAFjpuInHistory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2" }, { "name": "VU#771604", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/771604" }, { "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2" }, { "name": "MS03-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007687" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" }, { "name": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:409", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409" }, { "name": "oval:org.mitre.oval:def:479", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" }, { "name": "oval:org.mitre.oval:def:459", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459" }, { "name": "20030910 MSIE-\u003eNAFfileJPU", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/336937" }, { "name": "20030910 MSIE-\u003eWsOpenFileJPU", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2" }, { "name": "20030910 MSIE-\u003eRefBack", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2" }, { "name": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" }, { "name": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" }, { "name": "oval:org.mitre.oval:def:363", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363" }, { "name": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" }, { "name": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" }, { "name": "10192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10192" }, { "name": "VU#652452", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/652452" }, { "name": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0816", "datePublished": "2004-01-14T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0814 (GCVE-0-2003-0814)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:335", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "name": "oval:org.mitre.oval:def:342", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1007687" }, { "name": "oval:org.mitre.oval:def:392", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" }, { "name": "oval:org.mitre.oval:def:341", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "name": "oval:org.mitre.oval:def:349", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "name": "oval:org.mitre.oval:def:343", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "name": "VU#326412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:335", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "name": "oval:org.mitre.oval:def:342", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1007687" }, { "name": "oval:org.mitre.oval:def:392", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" }, { "name": "oval:org.mitre.oval:def:341", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "name": "oval:org.mitre.oval:def:349", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "name": "oval:org.mitre.oval:def:343", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "name": "VU#326412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10192" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm", "refsource": "MISC", "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "name": "oval:org.mitre.oval:def:335", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "name": "oval:org.mitre.oval:def:342", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "name": "MS03-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "1007687", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007687" }, { "name": "oval:org.mitre.oval:def:392", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" }, { "name": "oval:org.mitre.oval:def:341", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "name": "20030911 LiuDieYu\u0027s missing files are here.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/337086" }, { "name": "oval:org.mitre.oval:def:344", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "name": "oval:org.mitre.oval:def:349", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "name": "oval:org.mitre.oval:def:343", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "name": "VU#326412", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/326412" }, { "name": "10192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10192" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0814", "datePublished": "2004-01-14T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3943 (GCVE-0-2006-3943)
Vulnerability from cvelistv5
Published
2006-07-31 23:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html" }, { "name": "ie-rgb-properties-dos(28046)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046" }, { "name": "27530", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27530" }, { "name": "19184", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19184" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html" }, { "name": "ie-rgb-properties-dos(28046)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046" }, { "name": "27530", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27530" }, { "name": "19184", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19184" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html" }, { "name": "ie-rgb-properties-dos(28046)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046" }, { "name": "27530", "refsource": "OSVDB", "url": "http://www.osvdb.org/27530" }, { "name": "19184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19184" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3943", "datePublished": "2006-07-31T23:00:00", "dateReserved": "2006-07-31T00:00:00", "dateUpdated": "2024-08-07T18:48:39.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0217 (GCVE-0-2007-0217)
Vulnerability from cvelistv5
Published
2007-02-13 22:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:17.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "name": "31892", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31892" }, { "name": "22489", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22489" }, { "name": "VU#613564", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "1017642", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017642" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "20070309 MS07-016 FTP Response DOS PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1141", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "name": "31892", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31892" }, { "name": "22489", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22489" }, { "name": "VU#613564", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "name": "TA07-044A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "1017642", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017642" }, { "name": "ADV-2007-0584", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "20070309 MS07-016 FTP Response DOS PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1141", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0217", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "name": "31892", "refsource": "OSVDB", "url": "http://www.osvdb.org/31892" }, { "name": "22489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22489" }, { "name": "VU#613564", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/613564" }, { "name": "TA07-044A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "name": "1017642", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017642" }, { "name": "ADV-2007-0584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "name": "24156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24156" }, { "name": "MS07-016", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "name": "20070309 MS07-016 FTP Response DOS PoC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1141", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0217", "datePublished": "2007-02-13T22:00:00", "dateReserved": "2007-01-12T00:00:00", "dateUpdated": "2024-08-07T12:12:17.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-5071 (GCVE-0-2010-5071)
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2024-09-16 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:09:38.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-12-07T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://w2spconf.com/2010/papers/p26.pdf", "refsource": "MISC", "url": "http://w2spconf.com/2010/papers/p26.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5071", "datePublished": "2011-12-07T19:00:00Z", "dateReserved": "2011-12-07T00:00:00Z", "dateUpdated": "2024-09-16T23:31:42.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0839 (GCVE-0-2004-0839)
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:7721", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" }, { "name": "10973", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10973" }, { "name": "20040824 What A Drag! -revisited-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:6272", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "name": "20040818 What A Drag II XP SP2", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "name": "oval:org.mitre.oval:def:2073", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "name": "20040818 What A Drag II XP SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "name": "oval:org.mitre.oval:def:3773", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "name": "VU#526089", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "name": "ie-dragdrop-code-execution(17044)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "name": "oval:org.mitre.oval:def:1563", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:7721", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" }, { "name": "10973", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10973" }, { "name": "20040824 What A Drag! -revisited-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:6272", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "name": "20040818 What A Drag II XP SP2", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "name": "oval:org.mitre.oval:def:2073", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "name": "20040818 What A Drag II XP SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "name": "oval:org.mitre.oval:def:3773", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "name": "VU#526089", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "name": "ie-dragdrop-code-execution(17044)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "name": "oval:org.mitre.oval:def:1563", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:7721", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" }, { "name": "10973", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10973" }, { "name": "20040824 What A Drag! -revisited-", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "oval:org.mitre.oval:def:6272", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "name": "20040818 What A Drag II XP SP2", "refsource": "FULLDISC", "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "name": "oval:org.mitre.oval:def:2073", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "name": "20040818 What A Drag II XP SP2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "oval:org.mitre.oval:def:4152", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "name": "oval:org.mitre.oval:def:3773", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "name": "VU#526089", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/526089" }, { "name": "ie-dragdrop-code-execution(17044)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "name": "oval:org.mitre.oval:def:1563", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0839", "datePublished": "2004-09-14T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1091 (GCVE-0-2007-1091)
Vulnerability from cvelistv5
Published
2007-02-26 11:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lcamtuf.coredump.cx/ietrap" }, { "name": "22680", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22680" }, { "name": "ADV-2007-0713", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "name": "ie-mozilla-onunload-dos(32647)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "name": "HPSBST02280", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "23014", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23014" }, { "name": "SSRT071480", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "ie-mozilla-onunload-url-spoofing(32649)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "name": "oval:org.mitre.oval:def:2162", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" }, { "name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "name": "1018788", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018788" }, { "name": "2291", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2291" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "name": "MS07-057", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "name": "TA07-282A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lcamtuf.coredump.cx/ietrap" }, { "name": "22680", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22680" }, { "name": "ADV-2007-0713", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "name": "ie-mozilla-onunload-dos(32647)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "name": "HPSBST02280", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "23014", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23014" }, { "name": "SSRT071480", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "ie-mozilla-onunload-url-spoofing(32649)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "name": "oval:org.mitre.oval:def:2162", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" }, { "name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "name": "1018788", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018788" }, { "name": "2291", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2291" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "name": "MS07-057", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "name": "TA07-282A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lcamtuf.coredump.cx/ietrap", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/ietrap" }, { "name": "22680", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22680" }, { "name": "ADV-2007-0713", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "name": "ie-mozilla-onunload-dos(32647)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "name": "HPSBST02280", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "23014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23014" }, { "name": "SSRT071480", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "name": "ie-mozilla-onunload-url-spoofing(32649)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "name": "oval:org.mitre.oval:def:2162", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" }, { "name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "name": "1018788", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018788" }, { "name": "2291", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2291" }, { "name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "name": "MS07-057", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "name": "TA07-282A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1091", "datePublished": "2007-02-26T11:00:00", "dateReserved": "2007-02-26T00:00:00", "dateUpdated": "2024-08-07T12:43:22.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1765 (GCVE-0-2007-1765)
Vulnerability from cvelistv5
Published
2007-03-30 00:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:06:26.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070330 ANI Zeroday, Third Party Patch", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html" }, { "name": "20070331 Windows .ANI Stack Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded" }, { "name": "ADV-2007-1151", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1151" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://vil.nai.com/vil/content/v_141860.htm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.avertlabs.com/research/blog/?p=230" }, { "name": "23194", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23194" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx" }, { "name": "1017827", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017827" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.avertlabs.com/research/blog/?p=233" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070330 ANI Zeroday, Third Party Patch", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html" }, { "name": "20070331 Windows .ANI Stack Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded" }, { "name": "ADV-2007-1151", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1151" }, { "tags": [ "x_refsource_MISC" ], "url": "http://vil.nai.com/vil/content/v_141860.htm" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.avertlabs.com/research/blog/?p=230" }, { "name": "23194", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23194" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx" }, { "name": "1017827", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017827" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.avertlabs.com/research/blog/?p=233" }, { "tags": [ "x_refsource_MISC" ], "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070330 ANI Zeroday, Third Party Patch", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded" }, { "name": "http://research.eeye.com/html/alerts/zeroday/20070328.html", "refsource": "MISC", "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html" }, { "name": "20070331 Windows .ANI Stack Overflow Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded" }, { "name": "ADV-2007-1151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1151" }, { "name": "http://vil.nai.com/vil/content/v_141860.htm", "refsource": "MISC", "url": "http://vil.nai.com/vil/content/v_141860.htm" }, { "name": "http://www.avertlabs.com/research/blog/?p=230", "refsource": "MISC", "url": "http://www.avertlabs.com/research/blog/?p=230" }, { "name": "23194", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23194" }, { "name": "http://www.microsoft.com/technet/security/advisory/935423.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx" }, { "name": "1017827", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017827" }, { "name": "http://www.avertlabs.com/research/blog/?p=233", "refsource": "MISC", "url": "http://www.avertlabs.com/research/blog/?p=233" }, { "name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/", "refsource": "MISC", "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1765", "datePublished": "2007-03-30T00:00:00", "dateReserved": "2007-03-29T00:00:00", "dateUpdated": "2024-08-07T13:06:26.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0036 (GCVE-0-2000-0036)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:05:53.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Q249082", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "name": "MS99-060", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "Q249082", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "name": "MS99-060", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0036", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "Q249082", "refsource": "MSKB", "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082" }, { "name": "MS99-060", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0036", "datePublished": "2000-03-22T05:00:00", "dateReserved": "2000-01-11T00:00:00", "dateUpdated": "2024-08-08T05:05:53.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1559 (GCVE-0-2003-1559)
Vulnerability from cvelistv5
Published
2008-07-14 23:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:35:16.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348574" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" }, { "name": "9295", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9295" }, { "name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348360" }, { "name": "3989", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3989" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-29T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348574" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" }, { "name": "9295", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9295" }, { "name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348360" }, { "name": "3989", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3989" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348574" }, { "name": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html", "refsource": "MISC", "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" }, { "name": "9295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9295" }, { "name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348360" }, { "name": "3989", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3989" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1559", "datePublished": "2008-07-14T23:00:00", "dateReserved": "2008-07-14T00:00:00", "dateUpdated": "2024-08-08T02:35:16.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1192 (GCVE-0-2006-1192)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1498", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498" }, { "name": "670", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/670" }, { "name": "ie-browser-window-spoofing(25557)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557" }, { "name": "17460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17460" }, { "name": "oval:org.mitre.oval:def:1645", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1336", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740" }, { "name": "1015899", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015899" }, { "name": "oval:org.mitre.oval:def:1725", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1498", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498" }, { "name": "670", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/670" }, { "name": "ie-browser-window-spoofing(25557)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557" }, { "name": "17460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17460" }, { "name": "oval:org.mitre.oval:def:1645", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1336", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740" }, { "name": "1015899", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015899" }, { "name": "oval:org.mitre.oval:def:1725", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957" }, { "name": "oval:org.mitre.oval:def:1498", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498" }, { "name": "670", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/670" }, { "name": "ie-browser-window-spoofing(25557)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557" }, { "name": "17460", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17460" }, { "name": "oval:org.mitre.oval:def:1645", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "oval:org.mitre.oval:def:1336", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1740", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740" }, { "name": "1015899", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015899" }, { "name": "oval:org.mitre.oval:def:1725", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1192", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2024-08-07T17:03:28.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2308 (GCVE-0-2005-2308)
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-09-17 03:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:22:48.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14285", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14285" }, { "name": "14286", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14286" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "name": "14284", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14284" }, { "name": "20050715 Compromising pictures of Microsoft Internet Explorer!", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/405298" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-19T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14285", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14285" }, { "name": "14286", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14286" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "name": "14284", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14284" }, { "name": "20050715 Compromising pictures of Microsoft Internet Explorer!", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/405298" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14285" }, { "name": "14286", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14286" }, { "name": "http://lcamtuf.coredump.cx/crash", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/crash" }, { "name": "14284", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14284" }, { "name": "20050715 Compromising pictures of Microsoft Internet Explorer!", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/405298" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2308", "datePublished": "2005-07-19T04:00:00Z", "dateReserved": "2005-07-19T00:00:00Z", "dateUpdated": "2024-09-17T03:48:26.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0110 (GCVE-0-2005-0110)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050114 Internet Explorer (SP2) - Remote File Download", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050114 Internet Explorer (SP2) - Remote File Download", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050114 Internet Explorer (SP2) - Remote File Download", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0110", "datePublished": "2005-01-19T05:00:00", "dateReserved": "2005-01-18T00:00:00", "dateUpdated": "2024-08-07T20:57:40.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1026 (GCVE-0-2003-1026)
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu" }, { "name": "oval:org.mitre.oval:def:630", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630" }, { "name": "VU#784102", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/784102" }, { "name": "oval:org.mitre.oval:def:689", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689" }, { "name": "oval:org.mitre.oval:def:774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "oval:org.mitre.oval:def:687", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687" }, { "name": "TA04-033A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "oval:org.mitre.oval:def:805", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805" }, { "name": "MS04-004", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:643", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643" }, { "name": "20031125 BackToFramedJpu - a successor of BackToJpu attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2" }, { "name": "ie-subframe-xss(13846)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846" }, { "name": "oval:org.mitre.oval:def:745", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu" }, { "name": "oval:org.mitre.oval:def:630", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630" }, { "name": "VU#784102", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/784102" }, { "name": "oval:org.mitre.oval:def:689", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689" }, { "name": "oval:org.mitre.oval:def:774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "oval:org.mitre.oval:def:687", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687" }, { "name": "TA04-033A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "oval:org.mitre.oval:def:805", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805" }, { "name": "MS04-004", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:643", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643" }, { "name": "20031125 BackToFramedJpu - a successor of BackToJpu attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2" }, { "name": "ie-subframe-xss(13846)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846" }, { "name": "oval:org.mitre.oval:def:745", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu", "refsource": "MISC", "url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu" }, { "name": "oval:org.mitre.oval:def:630", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630" }, { "name": "VU#784102", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/784102" }, { "name": "oval:org.mitre.oval:def:689", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689" }, { "name": "oval:org.mitre.oval:def:774", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774" }, { "name": "20031201 Comments on 5 IE vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "name": "oval:org.mitre.oval:def:687", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687" }, { "name": "TA04-033A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "name": "oval:org.mitre.oval:def:805", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805" }, { "name": "MS04-004", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "name": "oval:org.mitre.oval:def:643", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643" }, { "name": "20031125 BackToFramedJpu - a successor of BackToJpu attack", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2" }, { "name": "ie-subframe-xss(13846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846" }, { "name": "oval:org.mitre.oval:def:745", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1026", "datePublished": "2004-01-08T05:00:00", "dateReserved": "2004-01-07T00:00:00", "dateUpdated": "2024-08-08T02:12:35.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5544 (GCVE-0-2006-5544)
Vulnerability from cvelistv5
Published
2006-10-26 17:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:53.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20728" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "VU#347188", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "name": "1017122", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017122" }, { "name": "22542", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22542" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "name": "30022", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30022" }, { "name": "ie-popup-addressbar-spoofing(29827)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20728" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "VU#347188", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "name": "1017122", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017122" }, { "name": "22542", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22542" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "name": "30022", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30022" }, { "name": "ie-popup-addressbar-spoofing(29827)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20728" }, { "name": "20061025 IE7 status: 8 days after release, 3 unfixed issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "name": "VU#347188", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/347188" }, { "name": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "name": "1017122", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017122" }, { "name": "22542", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22542" }, { "name": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/", "refsource": "MISC", "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "name": "30022", "refsource": "OSVDB", "url": "http://www.osvdb.org/30022" }, { "name": "ie-popup-addressbar-spoofing(29827)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5544", "datePublished": "2006-10-26T17:00:00", "dateReserved": "2006-10-26T00:00:00", "dateUpdated": "2024-08-07T19:55:53.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5884 (GCVE-0-2006-5884)
Vulnerability from cvelistv5
Published
2006-11-14 21:00
Modified
2024-08-07 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "31324", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31324" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "31324", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31324" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "TA06-318A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "31324", "refsource": "OSVDB", "url": "http://www.osvdb.org/31324" }, { "name": "MS06-067", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5884", "datePublished": "2006-11-14T21:00:00", "dateReserved": "2006-11-14T00:00:00", "dateUpdated": "2024-08-07T20:04:55.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6659 (GCVE-0-2006-6659)
Vulnerability from cvelistv5
Published
2006-12-20 02:00
Modified
2024-09-16 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:33:59.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21649" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8" }, { "name": "1017397", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017397" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-12-20T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21649" }, { "tags": [ "x_refsource_MISC" ], "url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8" }, { "name": "1017397", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017397" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6659", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21649" }, { "name": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8", "refsource": "MISC", "url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8" }, { "name": "1017397", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017397" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6659", "datePublished": "2006-12-20T02:00:00Z", "dateReserved": "2006-12-19T00:00:00Z", "dateUpdated": "2024-09-16T18:59:10.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1497 (GCVE-0-2001-1497)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3563", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3563" }, { "name": "20011120 Re: MS IE Password inputs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/241400" }, { "name": "20011121 MS IE Password inputs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/241323" }, { "name": "ie-password-character-information(7592)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7592.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-06T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3563", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3563" }, { "name": "20011120 Re: MS IE Password inputs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/241400" }, { "name": "20011121 MS IE Password inputs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/241323" }, { "name": "ie-password-character-information(7592)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7592.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3563", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3563" }, { "name": "20011120 Re: MS IE Password inputs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/241400" }, { "name": "20011121 MS IE Password inputs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/241323" }, { "name": "ie-password-character-information(7592)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7592.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1497", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2576 (GCVE-0-2009-2576)
Vulnerability from cvelistv5
Published
2009-07-22 18:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:55.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/3338/" }, { "name": "20090725 DoS vulnerabilities in Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html" }, { "name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html" }, { "name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded" }, { "name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" }, { "name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/3338/" }, { "name": "20090725 DoS vulnerabilities in Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html" }, { "name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html" }, { "name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded" }, { "name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" }, { "name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://websecurity.com.ua/3338/", "refsource": "MISC", "url": "http://websecurity.com.ua/3338/" }, { "name": "20090725 DoS vulnerabilities in Internet Explorer", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html" }, { "name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html" }, { "name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded" }, { "name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" }, { "name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2576", "datePublished": "2009-07-22T18:00:00", "dateReserved": "2009-07-22T00:00:00", "dateUpdated": "2024-08-07T05:59:55.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1714 (GCVE-0-2002-1714)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:56.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/268776" }, { "name": "4564", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4564" }, { "name": "ie-object-directive-dos(8904)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/268776" }, { "name": "4564", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4564" }, { "name": "ie-object-directive-dos(8904)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/268776" }, { "name": "4564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4564" }, { "name": "ie-object-directive-dos(8904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1714", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:56.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1254 (GCVE-0-2002-1254)
Vulnerability from cvelistv5
Published
2002-11-27 05:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:28.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6028", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6028" }, { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2" }, { "name": "ie-cache-showmodaldialog-dom-access(10432)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432" }, { "name": "ie-cache-getelementsbytagname-dom-access(10438)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10438.php" }, { "name": "ie-cache-getelementsbyname-dom-access(10437)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10437.php" }, { "name": "oval:org.mitre.oval:def:388", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388" }, { "name": "ie-cache-getelementbyid-dom-access(10436)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10436.php" }, { "name": "oval:org.mitre.oval:def:408", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408" }, { "name": "ie-cache-elementfrompoint-dom-access(10435)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10435.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.greymagic.com/adv/gm012-ie/" }, { "name": "N-018", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-018.shtml" }, { "name": "ie-cache-execcommand-dom-access(10439)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10439.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6028", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6028" }, { "name": "MS02-066", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2" }, { "name": "ie-cache-showmodaldialog-dom-access(10432)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432" }, { "name": "ie-cache-getelementsbytagname-dom-access(10438)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10438.php" }, { "name": "ie-cache-getelementsbyname-dom-access(10437)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10437.php" }, { "name": "oval:org.mitre.oval:def:388", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388" }, { "name": "ie-cache-getelementbyid-dom-access(10436)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10436.php" }, { "name": "oval:org.mitre.oval:def:408", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408" }, { "name": "ie-cache-elementfrompoint-dom-access(10435)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10435.php" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.greymagic.com/adv/gm012-ie/" }, { "name": "N-018", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-018.shtml" }, { "name": "ie-cache-execcommand-dom-access(10439)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10439.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6028", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6028" }, { "name": "MS02-066", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2" }, { "name": "ie-cache-showmodaldialog-dom-access(10432)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432" }, { "name": "ie-cache-getelementsbytagname-dom-access(10438)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10438.php" }, { "name": "ie-cache-getelementsbyname-dom-access(10437)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10437.php" }, { "name": "oval:org.mitre.oval:def:388", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388" }, { "name": "ie-cache-getelementbyid-dom-access(10436)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10436.php" }, { "name": "oval:org.mitre.oval:def:408", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408" }, { "name": "ie-cache-elementfrompoint-dom-access(10435)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10435.php" }, { "name": "http://security.greymagic.com/adv/gm012-ie/", "refsource": "MISC", "url": "http://security.greymagic.com/adv/gm012-ie/" }, { "name": "N-018", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-018.shtml" }, { "name": "ie-cache-execcommand-dom-access(10439)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10439.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1254", "datePublished": "2002-11-27T05:00:00", "dateReserved": "2002-11-04T00:00:00", "dateUpdated": "2024-08-08T03:19:28.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2179 (GCVE-0-2004-2179)
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-09-16 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/378619" }, { "name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "name": "11412", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11412" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-10T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/378619" }, { "name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "name": "11412", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11412" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2179", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/378619" }, { "name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/378431" }, { "name": "11412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11412" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2179", "datePublished": "2005-07-10T04:00:00Z", "dateReserved": "2005-07-10T04:00:00Z", "dateUpdated": "2024-09-16T19:19:34.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3640 (GCVE-0-2006-3640)
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:171", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171" }, { "name": "19339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19339" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "27850", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27850" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:171", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171" }, { "name": "19339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19339" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "27850", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27850" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3640", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:171", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171" }, { "name": "19339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19339" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "27850", "refsource": "OSVDB", "url": "http://www.osvdb.org/27850" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3640", "datePublished": "2006-08-09T00:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:54.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4687 (GCVE-0-2006-4687)
Vulnerability from cvelistv5
Published
2006-11-14 21:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html" }, { "name": "oval:org.mitre.oval:def:456", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456" }, { "name": "31323", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31323" }, { "name": "VU#197852", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/197852" }, { "name": "1017223", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017223" }, { "name": "ADV-2006-4505", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4505" }, { "name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded" }, { "name": "ie-layout-code-execution(29199)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199" }, { "name": "21020", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21020" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "TA06-318A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html" }, { "name": "oval:org.mitre.oval:def:456", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456" }, { "name": "31323", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31323" }, { "name": "VU#197852", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/197852" }, { "name": "1017223", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017223" }, { "name": "ADV-2006-4505", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4505" }, { "name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded" }, { "name": "ie-layout-code-execution(29199)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199" }, { "name": "21020", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21020" }, { "name": "MS06-067", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-4687", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "TA06-318A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html" }, { "name": "oval:org.mitre.oval:def:456", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456" }, { "name": "31323", "refsource": "OSVDB", "url": "http://www.osvdb.org/31323" }, { "name": "VU#197852", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/197852" }, { "name": "1017223", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017223" }, { "name": "ADV-2006-4505", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4505" }, { "name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded" }, { "name": "ie-layout-code-execution(29199)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199" }, { "name": "21020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21020" }, { "name": "MS06-067", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-4687", "datePublished": "2006-11-14T21:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2024-08-07T19:23:41.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0024 (GCVE-0-2007-0024)
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:03:37.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-0129", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0129" }, { "name": "MS07-004", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004" }, { "name": "TA07-009A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" }, { "name": "21930", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21930" }, { "name": "VU#122084", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/122084" }, { "name": "HPSBST02184", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1058", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058" }, { "name": "23677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23677" }, { "name": "1017489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017489" }, { "name": "ie-vml-record-bo(31287)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287" }, { "name": "20070116 MS07-004 VML Integer Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded" }, { "name": "ADV-2007-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0105" }, { "name": "31250", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/31250" }, { "name": "SSRT071296", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded" }, { "name": "929969", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/?kbid=929969" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm" }, { "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ADV-2007-0129", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0129" }, { "name": "MS07-004", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004" }, { "name": "TA07-009A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" }, { "name": "21930", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21930" }, { "name": "VU#122084", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/122084" }, { "name": "HPSBST02184", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1058", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058" }, { "name": "23677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23677" }, { "name": "1017489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017489" }, { "name": "ie-vml-record-bo(31287)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287" }, { "name": "20070116 MS07-004 VML Integer Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded" }, { "name": "ADV-2007-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0105" }, { "name": "31250", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/31250" }, { "name": "SSRT071296", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded" }, { "name": "929969", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/?kbid=929969" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm" }, { "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-0129", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0129" }, { "name": "MS07-004", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004" }, { "name": "TA07-009A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" }, { "name": "21930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21930" }, { "name": "VU#122084", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/122084" }, { "name": "HPSBST02184", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1058", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058" }, { "name": "23677", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23677" }, { "name": "1017489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017489" }, { "name": "ie-vml-record-bo(31287)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287" }, { "name": "20070116 MS07-004 VML Integer Overflow Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded" }, { "name": "ADV-2007-0105", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0105" }, { "name": "31250", "refsource": "OSVDB", "url": "http://www.osvdb.org/31250" }, { "name": "SSRT071296", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded" }, { "name": "929969", "refsource": "MSKB", "url": "http://support.microsoft.com/?kbid=929969" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm" }, { "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0024", "datePublished": "2007-01-09T23:00:00", "dateReserved": "2007-01-03T00:00:00", "dateUpdated": "2024-08-07T12:03:37.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0544 (GCVE-0-2006-0544)
Vulnerability from cvelistv5
Published
2006-02-04 02:00
Modified
2024-09-17 01:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt" }, { "name": "16463", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16463" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-02-04T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt" }, { "name": "16463", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16463" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt", "refsource": "MISC", "url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt" }, { "name": "16463", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16463" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0544", "datePublished": "2006-02-04T02:00:00Z", "dateReserved": "2006-02-04T00:00:00Z", "dateUpdated": "2024-09-17T01:40:37.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0809 (GCVE-0-2003-0809)
Vulnerability from cvelistv5
Published
2003-10-08 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:123", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123" }, { "name": "8565", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8565" }, { "name": "ie-xmlobject-code-execution(13300)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300" }, { "name": "MS03-040", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "7887", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7887" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:123", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123" }, { "name": "8565", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8565" }, { "name": "ie-xmlobject-code-execution(13300)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300" }, { "name": "MS03-040", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "7887", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7887" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:123", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123" }, { "name": "8565", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8565" }, { "name": "ie-xmlobject-code-execution(13300)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300" }, { "name": "MS03-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "name": "7887", "refsource": "OSVDB", "url": "http://www.osvdb.org/7887" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0809", "datePublished": "2003-10-08T04:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5577 (GCVE-0-2006-5577)
Vulnerability from cvelistv5
Published
2006-12-12 20:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:53.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4966", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23288" }, { "name": "TA06-346A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017374" }, { "name": "oval:org.mitre.oval:def:313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" }, { "name": "21507", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21507" }, { "name": "SSRT061288", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30816", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30816" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ADV-2006-4966", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23288" }, { "name": "TA06-346A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017374" }, { "name": "oval:org.mitre.oval:def:313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" }, { "name": "21507", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21507" }, { "name": "SSRT061288", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30816", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30816" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-5577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4966", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "name": "23288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23288" }, { "name": "TA06-346A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "name": "1017374", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017374" }, { "name": "oval:org.mitre.oval:def:313", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" }, { "name": "21507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21507" }, { "name": "SSRT061288", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "HPSBST02180", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "name": "MS06-072", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "name": "30816", "refsource": "OSVDB", "url": "http://www.osvdb.org/30816" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-5577", "datePublished": "2006-12-12T20:00:00", "dateReserved": "2006-10-27T00:00:00", "dateUpdated": "2024-08-07T19:55:53.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3510 (GCVE-0-2006-3510)
Vulnerability from cvelistv5
Published
2006-07-11 22:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:34.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26955", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26955" }, { "name": "ADV-2006-2718", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2718" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html" }, { "name": "ie-rdsdatacontrol-url-dos(27621)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621" }, { "name": "18900", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18900" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26955", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26955" }, { "name": "ADV-2006-2718", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2718" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html" }, { "name": "ie-rdsdatacontrol-url-dos(27621)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621" }, { "name": "18900", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18900" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26955", "refsource": "OSVDB", "url": "http://www.osvdb.org/26955" }, { "name": "ADV-2006-2718", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2718" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html" }, { "name": "ie-rdsdatacontrol-url-dos(27621)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621" }, { "name": "18900", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18900" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3510", "datePublished": "2006-07-11T22:00:00", "dateReserved": "2006-07-11T00:00:00", "dateUpdated": "2024-08-07T18:30:34.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3730 (GCVE-0-2006-3730)
Vulnerability from cvelistv5
Published
2006-07-19 23:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016941", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016941" }, { "name": "TA06-283A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "name": "TA06-270A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "name": "MS06-057", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "name": "SSRT061264", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "VU#753044", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:339", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "name": "ie-webviewfoldericon-dos(27804)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "name": "20060930 setSlice exploited in the wild - massively", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://riosec.com/msie-setslice-vuln" }, { "name": "HPSBST02161", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "27110", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27110" }, { "name": "19030", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19030" }, { "name": "ADV-2006-2882", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "name": "2440", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2440" }, { "name": "20060930 ZERT patch for setSlice()", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "name": "22159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1016941", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016941" }, { "name": "TA06-283A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "name": "TA06-270A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "name": "MS06-057", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "name": "SSRT061264", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "VU#753044", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:339", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "name": "ie-webviewfoldericon-dos(27804)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "name": "20060930 setSlice exploited in the wild - massively", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://riosec.com/msie-setslice-vuln" }, { "name": "HPSBST02161", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "27110", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27110" }, { "name": "19030", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19030" }, { "name": "ADV-2006-2882", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "name": "2440", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2440" }, { "name": "20060930 ZERT patch for setSlice()", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "name": "22159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1016941", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016941" }, { "name": "TA06-283A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "name": "TA06-270A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "name": "MS06-057", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "name": "SSRT061264", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "VU#753044", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/753044" }, { "name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:339", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "name": "http://isc.sans.org/diary.php?storyid=1742", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "name": "ie-webviewfoldericon-dos(27804)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "name": "20060930 setSlice exploited in the wild - massively", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "name": "http://riosec.com/msie-setslice-vuln", "refsource": "MISC", "url": "http://riosec.com/msie-setslice-vuln" }, { "name": "HPSBST02161", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "name": "27110", "refsource": "OSVDB", "url": "http://www.osvdb.org/27110" }, { "name": "19030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19030" }, { "name": "ADV-2006-2882", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "name": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "name": "2440", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2440" }, { "name": "20060930 ZERT patch for setSlice()", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "name": "22159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22159" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3730", "datePublished": "2006-07-19T23:00:00", "dateReserved": "2006-07-19T00:00:00", "dateUpdated": "2024-08-07T18:39:54.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4089 (GCVE-0-2005-4089)
Vulnerability from cvelistv5
Published
2005-12-08 11:00
Modified
2024-08-07 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:49.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17564" }, { "name": "oval:org.mitre.oval:def:1977", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977" }, { "name": "oval:org.mitre.oval:def:1800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800" }, { "name": "oval:org.mitre.oval:def:1838", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hacker.co.il/security/ie/css_import.html" }, { "name": "oval:org.mitre.oval:def:1556", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556" }, { "name": "oval:org.mitre.oval:def:1914", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914" }, { "name": "15660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15660" }, { "name": "ADV-2005-2804", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2804" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17564", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17564" }, { "name": "oval:org.mitre.oval:def:1977", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977" }, { "name": "oval:org.mitre.oval:def:1800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800" }, { "name": "oval:org.mitre.oval:def:1838", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838" }, { "name": "ADV-2006-2319", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hacker.co.il/security/ie/css_import.html" }, { "name": "oval:org.mitre.oval:def:1556", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556" }, { "name": "oval:org.mitre.oval:def:1914", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914" }, { "name": "15660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15660" }, { "name": "ADV-2005-2804", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2804" }, { "name": "MS06-021", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17564" }, { "name": "oval:org.mitre.oval:def:1977", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977" }, { "name": "oval:org.mitre.oval:def:1800", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800" }, { "name": "oval:org.mitre.oval:def:1838", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838" }, { "name": "ADV-2006-2319", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "name": "1016291", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016291" }, { "name": "oval:org.mitre.oval:def:1985", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985" }, { "name": "http://www.hacker.co.il/security/ie/css_import.html", "refsource": "MISC", "url": "http://www.hacker.co.il/security/ie/css_import.html" }, { "name": "oval:org.mitre.oval:def:1556", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556" }, { "name": "oval:org.mitre.oval:def:1914", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914" }, { "name": "15660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15660" }, { "name": "ADV-2005-2804", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2804" }, { "name": "MS06-021", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4089", "datePublished": "2005-12-08T11:00:00", "dateReserved": "2005-12-08T00:00:00", "dateUpdated": "2024-08-07T23:31:49.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0876 (GCVE-0-1999-0876)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:28.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Q185959", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959" }, { "name": "Q176697", "tags": [ "vendor-advisory", "x_refsource_MSKB", "x_transferred" ], "url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "Q185959", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959" }, { "name": "Q176697", "tags": [ "vendor-advisory", "x_refsource_MSKB" ], "url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0876", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "Q185959", "refsource": "MSKB", "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959" }, { "name": "Q176697", "refsource": "MSKB", "url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0876", "datePublished": "2000-01-04T05:00:00", "dateReserved": "1999-12-08T00:00:00", "dateUpdated": "2024-08-01T16:55:28.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3910 (GCVE-0-2006-3910)
Vulnerability from cvelistv5
Published
2006-07-28 00:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html" }, { "name": "27112", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27112" }, { "name": "19079", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19079" }, { "name": "ie-ovctl-newdefaultitem-dos(27845)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845" }, { "name": "ADV-2006-2915", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2915" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html" }, { "name": "27112", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27112" }, { "name": "19079", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19079" }, { "name": "ie-ovctl-newdefaultitem-dos(27845)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845" }, { "name": "ADV-2006-2915", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2915" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html" }, { "name": "27112", "refsource": "OSVDB", "url": "http://www.osvdb.org/27112" }, { "name": "19079", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19079" }, { "name": "ie-ovctl-newdefaultitem-dos(27845)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845" }, { "name": "ADV-2006-2915", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2915" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3910", "datePublished": "2006-07-28T00:00:00", "dateReserved": "2006-07-27T00:00:00", "dateUpdated": "2024-08-07T18:48:39.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1198 (GCVE-0-2004-1198)
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:11.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "web-browser-array-dos(18282)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" }, { "name": "11751", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11751" }, { "name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html" }, { "name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/382257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "web-browser-array-dos(18282)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" }, { "name": "11751", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11751" }, { "name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html" }, { "name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/382257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1198", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "web-browser-array-dos(18282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" }, { "name": "11751", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11751" }, { "name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html" }, { "name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/382257" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1198", "datePublished": "2004-12-15T05:00:00", "dateReserved": "2004-12-14T00:00:00", "dateUpdated": "2024-08-08T00:46:11.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0519 (GCVE-0-2000-0519)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:30.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "CA-2000-10", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1309" }, { "name": "ie-revalidate-certificate(4627)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "CA-2000-10", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1309" }, { "name": "ie-revalidate-certificate(4627)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt", "refsource": "MISC", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "CA-2000-10", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1309" }, { "name": "ie-revalidate-certificate(4627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0519", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:30.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0113 (GCVE-0-2003-0113)
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:36.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030701 URLMON.DLL buffer overflow - technical details", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "name": "oval:org.mitre.oval:def:926", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" }, { "name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "name": "VU#169753", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030701 URLMON.DLL buffer overflow - technical details", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "name": "oval:org.mitre.oval:def:926", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" }, { "name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "name": "VU#169753", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "name": "MS03-015", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030701 URLMON.DLL buffer overflow - technical details", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "name": "oval:org.mitre.oval:def:926", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" }, { "name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "name": "VU#169753", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/169753" }, { "name": "MS03-015", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0113", "datePublished": "2003-04-26T04:00:00", "dateReserved": "2003-02-26T00:00:00", "dateUpdated": "2024-08-08T01:43:36.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0531 (GCVE-0-2003-0531)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/9580" }, { "name": "CA-2003-22", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html" }, { "name": "ie-cache-script-injection(12961)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#205148", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/205148" }, { "name": "8457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/9580" }, { "name": "CA-2003-22", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html" }, { "name": "ie-cache-script-injection(12961)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961" }, { "name": "MS03-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#205148", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/205148" }, { "name": "8457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8457" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/9580" }, { "name": "CA-2003-22", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "name": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html" }, { "name": "ie-cache-script-injection(12961)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961" }, { "name": "MS03-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "name": "VU#205148", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/205148" }, { "name": "8457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8457" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0531", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-08T00:00:00", "dateUpdated": "2024-08-08T01:58:11.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0500 (GCVE-0-2005-0500)
Vulnerability from cvelistv5
Published
2005-02-21 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:54.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050221 WindowsXPSP2 script-initiated popup window", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "name": "14335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14335" }, { "name": "ie-title-bar-spoofing(19452)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" }, { "name": "12602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12602" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050221 WindowsXPSP2 script-initiated popup window", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "name": "14335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14335" }, { "name": "ie-title-bar-spoofing(19452)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" }, { "name": "12602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12602" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0500", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050221 WindowsXPSP2 script-initiated popup window", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "name": "14335", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14335" }, { "name": "ie-title-bar-spoofing(19452)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" }, { "name": "12602", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12602" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0500", "datePublished": "2005-02-21T05:00:00", "dateReserved": "2005-02-21T00:00:00", "dateUpdated": "2024-08-07T21:13:54.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0055 (GCVE-0-2005-0055)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:3137", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137" }, { "name": "VU#843771", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/843771" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:1005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005" }, { "name": "ie-cdf-execute-code(19137)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "oval:org.mitre.oval:def:3910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910" }, { "name": "11165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11165/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2004-12/advisory/" }, { "name": "1013125", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013125" }, { "name": "oval:org.mitre.oval:def:710", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710" }, { "name": "oval:org.mitre.oval:def:2692", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS05-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:3137", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137" }, { "name": "VU#843771", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/843771" }, { "name": "TA05-039A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:1005", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005" }, { "name": "ie-cdf-execute-code(19137)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "oval:org.mitre.oval:def:3910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910" }, { "name": "11165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11165/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2004-12/advisory/" }, { "name": "1013125", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013125" }, { "name": "oval:org.mitre.oval:def:710", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710" }, { "name": "oval:org.mitre.oval:def:2692", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS05-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "name": "oval:org.mitre.oval:def:3137", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137" }, { "name": "VU#843771", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/843771" }, { "name": "TA05-039A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "name": "oval:org.mitre.oval:def:1005", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005" }, { "name": "ie-cdf-execute-code(19137)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "name": "oval:org.mitre.oval:def:3910", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910" }, { "name": "11165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11165/" }, { "name": "http://secunia.com/secunia_research/2004-12/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2004-12/advisory/" }, { "name": "1013125", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013125" }, { "name": "oval:org.mitre.oval:def:710", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710" }, { "name": "oval:org.mitre.oval:def:2692", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0055", "datePublished": "2005-02-08T05:00:00", "dateReserved": "2005-01-11T00:00:00", "dateUpdated": "2024-08-07T20:57:41.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1188 (GCVE-0-2006-1188)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded" }, { "name": "oval:org.mitre.oval:def:1144", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1290", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290" }, { "name": "VU#824324", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/824324" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1773", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1296", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded" }, { "name": "oval:org.mitre.oval:def:1144", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144" }, { "name": "18957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1290", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290" }, { "name": "VU#824324", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/824324" }, { "name": "TA06-101A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1773", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773" }, { "name": "MS06-013", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1296", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded" }, { "name": "oval:org.mitre.oval:def:1144", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144" }, { "name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957" }, { "name": "1015900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015900" }, { "name": "oval:org.mitre.oval:def:1290", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290" }, { "name": "VU#824324", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/824324" }, { "name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "name": "oval:org.mitre.oval:def:1773", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773" }, { "name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "name": "oval:org.mitre.oval:def:1296", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1188", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2024-08-07T17:03:28.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1527 (GCVE-0-2004-1527)
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:24.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "name": "ie-path-cookie-overwrite(18073)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" }, { "name": "13208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13208" }, { "name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "name": "11680", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11680" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "name": "ie-path-cookie-overwrite(18073)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" }, { "name": "13208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13208" }, { "name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "name": "11680", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11680" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1527", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "name": "ie-path-cookie-overwrite(18073)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" }, { "name": "13208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13208" }, { "name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "name": "11680", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11680" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1527", "datePublished": "2005-02-19T05:00:00", "dateReserved": "2005-02-18T00:00:00", "dateUpdated": "2024-08-08T00:53:24.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0160 (GCVE-0-2000-0160)
Vulnerability from cvelistv5
Published
2000-02-23 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:05:53.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000221 Microsoft signed software can be install software without prompting users", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-05-08T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000221 Microsoft signed software can be install software without prompting users", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000221 Microsoft signed software can be install software without prompting users", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312@securityfocus.com" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0160", "datePublished": "2000-02-23T05:00:00", "dateReserved": "2000-02-23T00:00:00", "dateUpdated": "2024-08-08T05:05:53.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3451 (GCVE-0-2006-3451)
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:33.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" }, { "name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:5", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" }, { "name": "VU#262004", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/262004" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "1343", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1343" }, { "name": "27854", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27854" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "19316", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" }, { "name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" }, { "name": "1016663", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:5", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" }, { "name": "VU#262004", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/262004" }, { "name": "21396", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "1343", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1343" }, { "name": "27854", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27854" }, { "name": "TA06-220A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "19316", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" }, { "name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" }, { "name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663" }, { "name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "name": "oval:org.mitre.oval:def:5", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" }, { "name": "VU#262004", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/262004" }, { "name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396" }, { "name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "name": "1343", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1343" }, { "name": "27854", "refsource": "OSVDB", "url": "http://www.osvdb.org/27854" }, { "name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "name": "19316", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19316" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3451", "datePublished": "2006-08-08T23:00:00", "dateReserved": "2006-07-07T00:00:00", "dateUpdated": "2024-08-07T18:30:33.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5805 (GCVE-0-2006-5805)
Vulnerability from cvelistv5
Published
2006-11-08 22:00
Modified
2024-08-07 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017165" }, { "name": "20061103 IE7 website security certificate discrediting exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017165" }, { "name": "20061103 IE7 website security certificate discrediting exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017165", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017165" }, { "name": "20061103 IE7 website security certificate discrediting exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" }, { "name": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html", "refsource": "MISC", "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5805", "datePublished": "2006-11-08T22:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0552 (GCVE-0-2009-0552)
Vulnerability from cvelistv5
Published
2009-04-15 03:49
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
References
► | URL | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-1028", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53625", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53625" }, { "name": "TA09-104A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "34678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:5551", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551" }, { "name": "MS09-014", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "1022042", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022042" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ADV-2009-1028", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53625", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53625" }, { "name": "TA09-104A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "34678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:5551", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551" }, { "name": "MS09-014", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "1022042", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022042" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-0552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-1028", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "name": "53625", "refsource": "OSVDB", "url": "http://osvdb.org/53625" }, { "name": "TA09-104A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "name": "34678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34678" }, { "name": "oval:org.mitre.oval:def:5551", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551" }, { "name": "MS09-014", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "name": "1022042", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022042" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-0552", "datePublished": "2009-04-15T03:49:00", "dateReserved": "2009-02-12T00:00:00", "dateUpdated": "2024-08-07T04:40:05.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0817 (GCVE-0-2003-0817)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:508", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "name": "oval:org.mitre.oval:def:543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "name": "oval:org.mitre.oval:def:548", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "name": "oval:org.mitre.oval:def:520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:556", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "name": "9012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9012" }, { "name": "oval:org.mitre.oval:def:549", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "name": "oval:org.mitre.oval:def:566", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:508", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "name": "oval:org.mitre.oval:def:543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "name": "oval:org.mitre.oval:def:548", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "name": "oval:org.mitre.oval:def:520", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "name": "MS03-048", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:556", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "name": "9012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9012" }, { "name": "oval:org.mitre.oval:def:549", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "name": "oval:org.mitre.oval:def:566", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" }, { "name": "10192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10192" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:508", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "name": "oval:org.mitre.oval:def:543", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "name": "oval:org.mitre.oval:def:548", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "name": "oval:org.mitre.oval:def:520", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "name": "MS03-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "name": "oval:org.mitre.oval:def:556", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "name": "9012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9012" }, { "name": "oval:org.mitre.oval:def:549", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "name": "oval:org.mitre.oval:def:566", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" }, { "name": "10192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10192" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0817", "datePublished": "2004-01-14T05:00:00", "dateReserved": "2003-09-18T00:00:00", "dateUpdated": "2024-08-08T02:05:12.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0518 (GCVE-0-2000-0518)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "ie-invalid-frame-image-certificate(4624)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" }, { "name": "CA-2000-10", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1309" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "ie-invalid-frame-image-certificate(4624)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" }, { "name": "CA-2000-10", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1309" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt", "refsource": "MISC", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "name": "ie-invalid-frame-image-certificate(4624)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" }, { "name": "CA-2000-10", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "name": "MS00-039", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "name": "1309", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1309" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0518", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2126 (GCVE-0-2005-2126)
Vulnerability from cvelistv5
Published
2005-10-21 04:00
Modified
2024-08-07 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#415828", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/415828" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" }, { "name": "1015036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015036" }, { "name": "oval:org.mitre.oval:def:1284", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284" }, { "name": "MS05-044", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044" }, { "name": "17223", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17223" }, { "name": "oval:org.mitre.oval:def:1416", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416" }, { "name": "oval:org.mitre.oval:def:1146", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146" }, { "name": "17172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17172" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html" }, { "name": "17163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "VU#415828", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/415828" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" }, { "name": "1015036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015036" }, { "name": "oval:org.mitre.oval:def:1284", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284" }, { "name": "MS05-044", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044" }, { "name": "17223", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17223" }, { "name": "oval:org.mitre.oval:def:1416", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416" }, { "name": "oval:org.mitre.oval:def:1146", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146" }, { "name": "17172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17172" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html" }, { "name": "17163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2126", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#415828", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/415828" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" }, { "name": "1015036", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015036" }, { "name": "oval:org.mitre.oval:def:1284", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284" }, { "name": "MS05-044", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044" }, { "name": "17223", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17223" }, { "name": "oval:org.mitre.oval:def:1416", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416" }, { "name": "oval:org.mitre.oval:def:1146", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146" }, { "name": "17172", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17172" }, { "name": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html" }, { "name": "17163", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17163" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2126", "datePublished": "2005-10-21T04:00:00", "dateReserved": "2005-07-02T00:00:00", "dateUpdated": "2024-08-07T22:15:37.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0420 (GCVE-0-2004-0420)
Vulnerability from cvelistv5
Published
2004-04-20 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-clsid-file-extension-spoofing(14964)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964" }, { "name": "9510", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9510" }, { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "10736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10736/" }, { "name": "oval:org.mitre.oval:def:2894", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894" }, { "name": "oval:org.mitre.oval:def:3386", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386" }, { "name": "oval:org.mitre.oval:def:3604", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604" }, { "name": "oval:org.mitre.oval:def:2245", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245" }, { "name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/351379" }, { "name": "oval:org.mitre.oval:def:3533", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533" }, { "name": "VU#106324", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/106324" }, { "name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html" }, { "name": "oval:org.mitre.oval:def:2381", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381" }, { "name": "MS04-024", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-clsid-file-extension-spoofing(14964)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964" }, { "name": "9510", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9510" }, { "name": "TA04-196A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "10736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10736/" }, { "name": "oval:org.mitre.oval:def:2894", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894" }, { "name": "oval:org.mitre.oval:def:3386", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386" }, { "name": "oval:org.mitre.oval:def:3604", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604" }, { "name": "oval:org.mitre.oval:def:2245", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245" }, { "name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/351379" }, { "name": "oval:org.mitre.oval:def:3533", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533" }, { "name": "VU#106324", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/106324" }, { "name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html" }, { "name": "oval:org.mitre.oval:def:2381", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381" }, { "name": "MS04-024", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-clsid-file-extension-spoofing(14964)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964" }, { "name": "9510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9510" }, { "name": "TA04-196A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "name": "10736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10736/" }, { "name": "oval:org.mitre.oval:def:2894", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894" }, { "name": "oval:org.mitre.oval:def:3386", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386" }, { "name": "oval:org.mitre.oval:def:3604", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604" }, { "name": "oval:org.mitre.oval:def:2245", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245" }, { "name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/351379" }, { "name": "oval:org.mitre.oval:def:3533", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533" }, { "name": "VU#106324", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/106324" }, { "name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6", "refsource": "BUGTRAQ", "url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html" }, { "name": "oval:org.mitre.oval:def:2381", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381" }, { "name": "MS04-024", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0420", "datePublished": "2004-04-20T04:00:00", "dateReserved": "2004-04-19T00:00:00", "dateUpdated": "2024-08-08T00:17:14.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0479 (GCVE-0-2004-0479)
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:15.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040514 IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "name": "20040516 Re: IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" }, { "name": "20040514 IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040514 IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "name": "20040516 Re: IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" }, { "name": "20040514 IE Crash - Anyone Seen This Before?", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040514 IE Crash - Anyone Seen This Before?", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "name": "20040516 Re: IE Crash - Anyone Seen This Before?", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" }, { "name": "20040514 IE Crash - Anyone Seen This Before?", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0479", "datePublished": "2004-05-20T04:00:00", "dateReserved": "2004-05-17T00:00:00", "dateUpdated": "2024-08-08T00:17:15.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0216 (GCVE-0-2004-0216)
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:5316", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" }, { "name": "VU#637760", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/637760" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-installenginectl-setciffile-bo(17620)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" }, { "name": "oval:org.mitre.oval:def:7865", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:7717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" }, { "name": "oval:org.mitre.oval:def:6100", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" }, { "name": "oval:org.mitre.oval:def:6600", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2" }, { "name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5329", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:5316", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" }, { "name": "VU#637760", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/637760" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-installenginectl-setciffile-bo(17620)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" }, { "name": "oval:org.mitre.oval:def:7865", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:7717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" }, { "name": "oval:org.mitre.oval:def:6100", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" }, { "name": "oval:org.mitre.oval:def:6600", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2" }, { "name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5329", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0216", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:5316", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" }, { "name": "http://www.ngssoftware.com/advisories/msinsengfull.txt", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" }, { "name": "VU#637760", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/637760" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "ie-installenginectl-setciffile-bo(17620)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" }, { "name": "oval:org.mitre.oval:def:7865", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "oval:org.mitre.oval:def:7717", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" }, { "name": "oval:org.mitre.oval:def:6100", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" }, { "name": "oval:org.mitre.oval:def:6600", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2" }, { "name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2" }, { "name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2" }, { "name": "oval:org.mitre.oval:def:5329", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0216", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-03-11T00:00:00", "dateUpdated": "2024-08-08T00:10:03.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
secure@microsoft.com | http://securityreason.com/securityalert/670 | ||
secure@microsoft.com | http://securitytracker.com/id?1015899 | Patch | |
secure@microsoft.com | http://www.securityfocus.com/bid/17460 | Patch | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/25557 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/670 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015899 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17460 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25557 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626." } ], "id": "CVE-2006-1192", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/670" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015899" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17460" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/20595 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1016291 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/26442 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/437041/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/18328 | Patch | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-06-018.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/26774 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20595 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26442 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/437041/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18328 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-06-018.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26774 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection." } ], "id": "CVE-2006-1303", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-13T19:06:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20595" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016291" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/26442" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18328" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-30 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ | Broken Link | |
cve@mitre.org | http://research.eeye.com/html/alerts/zeroday/20070328.html | Third Party Advisory | |
cve@mitre.org | http://vil.nai.com/vil/content/v_141860.htm | Broken Link | |
cve@mitre.org | http://www.avertlabs.com/research/blog/?p=230 | Third Party Advisory | |
cve@mitre.org | http://www.avertlabs.com/research/blog/?p=233 | Third Party Advisory | |
cve@mitre.org | http://www.microsoft.com/technet/security/advisory/935423.mspx | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/464287/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/464345/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23194 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id?1017827 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1151 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://research.eeye.com/html/alerts/zeroday/20070328.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://vil.nai.com/vil/content/v_141860.htm | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.avertlabs.com/research/blog/?p=230 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.avertlabs.com/research/blog/?p=233 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/935423.mspx | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/464287/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/464345/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23194 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017827 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1151 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | - | |
microsoft | windows_2003_server | - | |
microsoft | windows_2003_server | - | |
microsoft | windows_2003_server | - | |
microsoft | windows_2003_server | - | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
avaya | ip600_media_servers | * | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | * | |
avaya | definity_one_media_server | * | |
avaya | s3400 | * | |
avaya | s8100 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*", "matchCriteriaId": "AA3A09BE-A21F-452A-AD64-D78DF3380832", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*", "matchCriteriaId": "28628E93-4651-4857-A706-DE6FD3580C67", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*", "matchCriteriaId": "ECC01F98-D6F4-4E85-A955-073E60E90AE8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*", "matchCriteriaId": "CE1C0272-4570-4F11-8414-12CB9D3BCEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*", "matchCriteriaId": "FD093703-ADE8-4E8A-A709-FCDD038C7D35", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*", "matchCriteriaId": "035D5A83-D654-413E-8640-622F29B20DFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*", "matchCriteriaId": "A55C505B-9947-4265-AD6C-8DE0523B4D01", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*", "matchCriteriaId": "E7A27C63-4B55-461B-8383-1A51688027B6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*", "matchCriteriaId": "7614879A-D4A3-47AD-B9ED-BF1215E639A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*", "matchCriteriaId": "B0311224-650D-4D20-AF33-59928355F190", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*", "matchCriteriaId": "29EA0849-935B-4767-B9CE-3896D0975DBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*", "matchCriteriaId": "27E3BBCC-B815-4512-B786-17FFC1C09297", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*", "matchCriteriaId": "54C7B5CA-D37E-4FDE-A900-B9EAE7ACA65F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*", "matchCriteriaId": "1A6229F8-7710-44FE-93DA-47AA4E09179E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*", "matchCriteriaId": "AA73DF99-991C-4677-AAB7-C19FAB4405D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*", "matchCriteriaId": "50A1A0E5-40BD-437C-A3F0-CC4BA3186DBC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*", "matchCriteriaId": "B5A46321-D38D-49CD-9A3A-AC1D9946EB4F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*", "matchCriteriaId": "47087873-68DF-418C-BFCD-5E8234560CAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*", "matchCriteriaId": "B7799481-E15D-4DAF-8EE7-63CECD0DF93B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*", "matchCriteriaId": "4F2339C6-3BAA-48DD-BE2C-EA4271F35772", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*", "matchCriteriaId": "865CC1A8-4FCA-49EC-B402-56AB27BF8AD1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A2166C33-6596-433D-8510-9A90B1679C80", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*", "matchCriteriaId": "9BC12FB3-5FCE-467F-B738-9D89B328BF7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*", "matchCriteriaId": "76BD407C-26BE-4C0E-9536-B93F1DA64124", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*", "matchCriteriaId": "24F477B8-F69D-4F2D-9045-D2D453F3C222", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*", "matchCriteriaId": "6F7D5E7E-ABB8-4F0F-B1B4-93590933C124", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*", "matchCriteriaId": "49BBAFF8-FB79-44A6-8334-D0FA6B896495", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FFAF1539-A847-4F54-B0EB-039E9BFF2562", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*", "matchCriteriaId": "99A41253-6047-4060-A966-454A46ECD415", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*", "matchCriteriaId": "99FCD96E-986C-4AD6-865C-CACE9FCA4E8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*", "matchCriteriaId": "63A83ABE-7DB1-4A5E-9FA7-A273DCD65DF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*", "matchCriteriaId": "28550D88-BD1A-464C-83C1-0EEC97FAA1CE", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*", "matchCriteriaId": "584B16B3-6EA0-4C20-91BD-D988C667D89E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*", "matchCriteriaId": "82E4DD01-9720-4072-899C-3F0953490F19", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*", "matchCriteriaId": "BB64666D-8DC2-4CF9-B6B6-98B97DA17F2A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*", "matchCriteriaId": "B4F42327-FE64-4462-B354-95E9B2CDDAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*", "matchCriteriaId": "A5EEE1A0-CD79-4458-8E6C-705F705AA06C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AD86898-37BB-46C6-AC7E-0A733398E2D7", "versionEndIncluding": "6", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier." }, { "lang": "es", "value": "Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupci\u00f3n de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostr\u00f3 originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podr\u00eda ser un duplicado del CVE-2007-0038; si es as\u00ed, utilizar el CVE-2007-0038 en lugar de este identificador." } ], "id": "CVE-2007-1765", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-30T00:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://vil.nai.com/vil/content/v_141860.htm" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.avertlabs.com/research/blog/?p=230" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.avertlabs.com/research/blog/?p=233" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23194" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1017827" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://research.eeye.com/html/alerts/zeroday/20070328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://vil.nai.com/vil/content/v_141860.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.avertlabs.com/research/blog/?p=230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.avertlabs.com/research/blog/?p=233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/935423.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1017827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1151" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx | Exploit | |
cve@mitre.org | http://secunia.com/advisories/30141 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/29217 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/1529/references | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/42416 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/5619 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30141 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29217 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1529/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42416 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/5619 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0b | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*", "matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica Print Table of Links de Internet Explorer 6.0, 7.0 y 8.0b permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML en la Zona de M\u00e1quina Local mediante un documento HTML con un enlace que contiene secuencias JavaScript, que se eval\u00faan por un script de recurso cuando un usuario imprime el documento." } ], "id": "CVE-2008-2281", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-18T14:20:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30141" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29217" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1529/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1529/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5619" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/15368 | ||
secure@microsoft.com | http://secunia.com/advisories/18064 | ||
secure@microsoft.com | http://secunia.com/advisories/18311 | ||
secure@microsoft.com | http://securitytracker.com/id?1015350 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
secure@microsoft.com | http://www.securityfocus.com/bid/15825 | Patch | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2867 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2909 | ||
secure@microsoft.com | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/23451 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18064 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18311 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015350 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15825 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2867 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2909 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23451 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticaci\u00f3n b\u00e1sica, env\u00eda la URL en texto claro, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, tcc \"Vulnerabilidad proxy HTTPS\"" } ], "id": "CVE-2005-2830", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-14T11:03:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/15368" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18064" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18311" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015350" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15825" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972 | ||
cve@mitre.org | http://www.securityfocus.com/bid/828 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/828 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled." } ], "id": "CVE-1999-0839", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-11-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/828" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=107643134712133&w=2 | ||
cve@mitre.org | http://www.securityfocus.com/bid/9629 | Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15127 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107643134712133&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9629 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15127 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "D3A4D9C5-A698-4523-8756-5D7EBAA47951", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*", "matchCriteriaId": "D0E20E02-43B2-499B-ADDD-B5B7003894D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0, Outlook 2002, y Outlook 2003 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) si est\u00e1 desactivado \"No guardar las p\u00e1ginas cifradas en el disco), mediante un sitio web o un mensaje de correo electr\u00f3nico que contenga dos caract\u00e9res nulos (%00) despu\u00e9s del nombre de m\u00e1quina." } ], "id": "CVE-2004-0284", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9629" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/20605 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1016292 | ||
secure@microsoft.com | http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/923236 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/26432 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/18394 | Patch | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-164A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/2320 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/26809 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20605 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016292 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/923236 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26432 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18394 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-164A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2320 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26809 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2003_server | datacenter_edition | |
microsoft | windows_2003_server | datacenter_edition | |
microsoft | windows_2003_server | datacenter_edition_64-bit | |
microsoft | windows_2003_server | datacenter_edition_64-bit | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | enterprise_edition | |
microsoft | windows_2003_server | enterprise_edition_64-bit | |
microsoft | windows_2003_server | enterprise_edition_64-bit | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | standard_64-bit | |
microsoft | windows_2003_server | web | |
microsoft | windows_2003_server | web | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*", "matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*", "matchCriteriaId": "E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "3F633513-6E9A-4F2D-964A-6AFDE5307AD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "4ED8947F-2490-41CA-A7B3-2C93D69C3F8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*", "matchCriteriaId": "E6E3EB90-92C9-4B69-B58C-087D382DC579", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "F3AF27C8-C2FA-477D-8332-B96277530B4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "4E9E190B-A109-4177-A5B5-7BD32573762E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*", "matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*", "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*", "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption." } ], "id": "CVE-2006-2378", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-13T19:06:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20605" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016292" }, { "source": "secure@microsoft.com", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/26432" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18394" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.0 | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*", "matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function." } ], "id": "CVE-2000-0028", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1999-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html | ||
cve@mitre.org | http://www.osvdb.org/27109 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19029 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2832 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27762 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27109 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2832 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27762 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excepci\u00f3n de desbordamiento de pila) a trav\u00e9s del objeto de ActiveX DXImageTransform.Microsoft.Gradient con una propiedad larga (1) StartColorStr o (2) EndColorStr." } ], "id": "CVE-2006-3657", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-18T15:47:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27109" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19029" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2832" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-14 21:07
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.osvdb.org/31324 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31324 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en controles ActiveX DirectAnimation para Microsoft Internet Explorer 5.01 hasta 6 tiene impacto y vectores desconocidos, posiblemente relacionados con (1) Danim.dll y (2) Lmrt.dll, un conjunto diferente de vulnerabilidades que CVE-2006-4446 y CVE-2006-4777." } ], "id": "CVE-2006-5884", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-14T21:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/31324" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=full-disclosure&m=110895997201027&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/14335 | ||
cve@mitre.org | http://www.securityfocus.com/bid/12602 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19452 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=110895997201027&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14335 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12602 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19452 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks." } ], "id": "CVE-2005-0500", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14335" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12602" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-14 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function." } ], "id": "CVE-2005-0110", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-01-14T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-01 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://websecurity.com.ua/4238/ | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/511509/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/4238/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/511509/100/0/threaded |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0.7600.16385 | |
microsoft | internet_explorer | 6.0.2900.2180 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs." }, { "lang": "es", "value": "Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de c\u00f3digo JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news://" } ], "id": "CVE-2010-2118", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-06-01T20:30:02.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4238/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4238/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/1564 | Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1564 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows:*:*:*:*:*", "matchCriteriaId": "D2CFDA81-A703-4330-88B0-F3F18B3BB7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability." } ], "id": "CVE-2000-0768", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1564" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/24156 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/771788 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/31893 | ||
secure@microsoft.com | http://www.osvdb.org/31894 | ||
secure@microsoft.com | http://www.osvdb.org/31895 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/22504 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1017643 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/0584 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/32427 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24156 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/771788 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31893 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31894 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31895 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22504 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017643 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0584 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32427 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697." }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de (1) Msb1fren.dll, (2) Htmlmm.ocx, y (3) Blnmgrps.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, un vector diferente que CVE-2006-4697." } ], "id": "CVE-2007-0219", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-13T23:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/771788" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31893" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31894" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31895" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22504" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017643" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/771788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-07 16:02
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html | ||
cve@mitre.org | http://secunia.com/advisories/20449 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/1059 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18308 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2161 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20449 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1059 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18308 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2161 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." } ], "id": "CVE-2006-2900", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-07T16:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20449" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1059" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18308" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2161" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.iss.net/security_center/static/11848.php | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/11848.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233." }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 no verifica adecuadamente par\u00e1metros que son pasados mientras dibujan componentes de terceros, lo que podr\u00eda permitir a atacantes remotos ejecutar script web arbitrario, tambi\u00e9n conocida como vulnerabilidad de \"Dibujo de plugin de terceros\", una vulnerabilidad distinta de CAN-2003-0233." } ], "id": "CVE-2003-0115", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11848.php" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11848.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html | ||
cve@mitre.org | http://www.cert.org/advisories/CA-2002-33.html | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/542081 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/6214 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/10659 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/10669 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-33.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/542081 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6214 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/10659 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/10669 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | data_access_components | 2.1 | |
microsoft | data_access_components | 2.5 | |
microsoft | data_access_components | 2.6 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3BFD086-7F94-4482-AC27-E4FAD418B767", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "49A5B686-0B8A-4904-8166-24D899D24ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "01EAE3CC-D507-40A4-9198-873EE0E3DCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en el componente Remote Data Services (RDS) - Servicios de Datos Remotos de Microsoft Data Access Components (MDAC) 2.1 a 2.6, y en Internet Explorer 5.01 a 6.0 permite a atacantes remotos ejecutar c\u00f3digo mediante una petici\u00f3n HTTP malformada al toc\u00f3n (stub de datos)." } ], "id": "CVE-2002-1142", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-11-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-33.html" }, { "source": "cve@mitre.org", "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/542081" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6214" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-33.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/542081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-22 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.5 | |
microsoft | outlook_express | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*", "matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability." } ], "id": "CVE-2000-0036", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-22T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/3292 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/320544 | ||
cve@mitre.org | http://www.securityfocus.com/bid/7502 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/11946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3292 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/320544 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/7502 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/11946 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute." } ], "id": "CVE-2003-1484", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3292" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/320544" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7502" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/320544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-11 23:05
Modified
2025-04-03 01:03
Severity ?
Summary
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/27013 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18902 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2719 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27013 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18902 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2719 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900.2180 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference." }, { "lang": "es", "value": "danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) \t\r\npor acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un puntero a referencia NULL." } ], "id": "CVE-2006-3513", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-11T23:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27013" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18902" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2719" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-14 00:07
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/21910 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/1577 | ||
cve@mitre.org | http://securitytracker.com/id?1016854 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/377369 | US Government Resource | |
cve@mitre.org | http://www.microsoft.com/technet/security/advisory/925444.mspx | ||
cve@mitre.org | http://www.osvdb.org/28842 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/445898/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446065/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446084/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446085/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446246/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/20047 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3593 | Vendor Advisory | |
cve@mitre.org | http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28942 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21910 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1577 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016854 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/377369 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/925444.mspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28842 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/445898/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446065/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446084/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446085/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446246/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20047 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3593 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28942 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en el DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) para el Internet Explorer 6.0 SP1 en chino y posiblemente en otras distribuciones de, permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de manipulaciones desconocidas en los argumentos del m\u00e9todo KeyFrame, relacionado posiblemente con un desbordamiento del n\u00famero entero, seg\u00fan lo demostrado por daxctle2, y una vulnerabilidad diferente a la CVE-2006-4446." } ], "id": "CVE-2006-4777", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-09-14T00:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21910" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1577" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016854" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/377369" }, { "source": "cve@mitre.org", "url": "http://www.microsoft.com/technet/security/advisory/925444.mspx" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28842" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20047" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3593" }, { "source": "cve@mitre.org", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/377369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.microsoft.com/technet/security/advisory/925444.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/10192 | ||
cve@mitre.org | http://securitytracker.com/id?1007687 | ||
cve@mitre.org | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/326412 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/337086 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1007687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/326412 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/337086 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el \"\"href\"\" al Javascript malicioso y a continuaci\u00f3n llamando al comando execCommand(\"\"Refresh\"\"). Tambi\u00e9n se la conoce como vulnerabilidad \"\"ExecCommand Cross Domain\"\" o BodyRefreshLoadsJPU ." } ], "id": "CVE-2003-0814", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007687" }, { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109942758911846&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12959/ | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/842160 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/archive/1/379261 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11515 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-315A.html | US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-336A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17889 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109942758911846&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12959/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/842160 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/379261 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11515 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-315A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-336A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17889 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
avaya | ip600_media_servers | r6 | |
avaya | ip600_media_servers | r7 | |
avaya | ip600_media_servers | r8 | |
avaya | ip600_media_servers | r9 | |
avaya | ip600_media_servers | r10 | |
avaya | ip600_media_servers | r11 | |
avaya | ip600_media_servers | r12 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | definity_one_media_server | r6 | |
avaya | definity_one_media_server | r7 | |
avaya | definity_one_media_server | r8 | |
avaya | definity_one_media_server | r9 | |
avaya | definity_one_media_server | r10 | |
avaya | definity_one_media_server | r11 | |
avaya | definity_one_media_server | r12 | |
avaya | s3400 | * | |
avaya | s8100 | * | |
avaya | s8100 | r6 | |
avaya | s8100 | r7 | |
avaya | s8100 | r8 | |
avaya | s8100 | r9 | |
avaya | s8100 | r10 | |
avaya | s8100 | r11 | |
avaya | s8100 | r12 | |
avaya | modular_messaging_message_storage_server | s3400 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*", "matchCriteriaId": "421DCFC1-D1DF-4081-96C1-A1FA69632B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*", "matchCriteriaId": "8AB4E5D4-712A-4F8B-9571-23C5841FE653", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*", "matchCriteriaId": "0B61857E-9B4A-480B-8381-4C1213063D8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*", "matchCriteriaId": "E9AF988E-D84B-4F47-BBF6-E08C6615E838", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*", "matchCriteriaId": "74D156F2-E2BD-4E72-9776-21BCC3B3EC3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*", "matchCriteriaId": "CC8CC2A7-E209-45FC-B4F7-83FAD79E2452", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*", "matchCriteriaId": "18CBDA7C-1E0E-470C-A740-807C559FBA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*", "matchCriteriaId": "8EB98D81-7F43-46BD-9713-C1036F123ECF", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*", "matchCriteriaId": "F71B32E1-650F-48F6-B04A-F54B5CB12FFF", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*", "matchCriteriaId": "9C7A48D2-7CDB-40DE-95C0-EDF6CDDF7A80", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*", "matchCriteriaId": "F67BC930-C6D3-40FC-A44F-49A3A6E9B016", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*", "matchCriteriaId": "6469B5B2-9939-4163-A6C9-CC50D3358401", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*", "matchCriteriaId": "DCB9EF69-E099-4908-AC09-EE2811E39F55", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*", "matchCriteriaId": "D3129813-C6BA-48B1-944B-D34D7A0F0F21", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*", "matchCriteriaId": "F28E0D07-ED87-44D0-A771-FB5C9D5CA32E", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*", "matchCriteriaId": "0F01F490-DA2A-4C89-9C9A-1B2B1CFF8849", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*", "matchCriteriaId": "F867CCDD-DDAC-4802-8AE3-9CEDB7F0FDF3", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*", "matchCriteriaId": "FD501EF0-7531-47DD-A4A8-1F3790401A55", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*", "matchCriteriaId": "7DC0D2D7-B6E2-40D3-8830-E0AF518253E7", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*", "matchCriteriaId": "436EF2B4-B365-4307-B345-24527D7B5909", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*", "matchCriteriaId": "1562F7ED-5821-43AA-92CE-9BD7E67A47F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\"" } ], "id": "CVE-2004-1050", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12959/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/842160" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/379261" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11515" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12959/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/842160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/379261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1015900 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
secure@microsoft.com | http://www.securityfocus.com/bid/17453 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015900 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17453 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.01 | |
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption." } ], "id": "CVE-2006-1186", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17453" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-08 23:05
Modified
2025-04-09 00:30
Severity ?
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120845064910729&w=2 | ||
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120845064910729&w=2 | ||
secure@microsoft.com | http://secunia.com/advisories/27707 | Patch, Vendor Advisory | |
secure@microsoft.com | http://secunia.com/secunia_research/2007-100/advisory/ | Vendor Advisory | |
secure@microsoft.com | http://www.securityfocus.com/archive/1/490840/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/28552 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1019801 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-099A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2008/1148/references | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120845064910729&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120845064910729&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27707 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2007-100/advisory/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490840/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28552 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019801 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-099A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1148/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.01 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "5B5F31E2-2060-45BC-9724-A447544905E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_itanium_edition:*:*:*:*:*", "matchCriteriaId": "35B0471D-79F8-4DB8-B777-57054CE11B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_x32_edition:*:*:*:*:*", "matchCriteriaId": "DE97ECE1-417A-4E5D-A4A6-730C10694397", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_x64_edition:*:*:*:*:*", "matchCriteriaId": "DCD51C3D-0A76-4552-A292-448C65859ED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*", "matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*", "matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en Microsoft Internet Explorer 5.01 SP4, 6 hasta SP1, y 7, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena de datos manipulada que provoca una corrupci\u00f3n de memoria, tal como se ha demostrado utilizando un MIME-type no v\u00e1lido que no conten\u00eda un manejador registrado." } ], "id": "CVE-2008-1085", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-08T23:05:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27707" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2007-100/advisory/" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/28552" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019801" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/1148/references" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2007-100/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1148/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 | ||
secure@microsoft.com | http://secunia.com/advisories/28036 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1019078 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/484887/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/26506 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-07-073.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/38713 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28036 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/484887/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26506 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-073.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38713 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.x | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Una vulnerabilidad de uso de memoria previamente liberada en la funci\u00f3n CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el llamado m\u00e9todo setExpression y, a continuaci\u00f3n, modificando la propiedad outerHTML de un elemento HTML, una variante de \"Uninitialized Memory Corruption Vulnerability\u201d." } ], "id": "CVE-2007-3902", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-12T00:46:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1019078" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26506" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" }, { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." }, { "lang": "es", "value": "Microsoft Internet Explorer permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicaci\u00f3n web mediante secuencias de atravesamiento de directorios \"%2e%2e\" (punto punto codificado) en una URL, lo que hace que Internet Explorer env\u00ede la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicaci\u00f3n vulnerable que corre en el mismo servidor que la aplicaci\u00f3n objetivo." } ], "id": "CVE-2003-0513", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-15T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109107496214572&w=2 | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=109060455614702&w=2 | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=109102919426844&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12806 | ||
cve@mitre.org | http://www.ciac.org/ciac/bulletins/p-006.shtml | ||
cve@mitre.org | http://www.ecqurity.com/adv/IEstyle.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/291304 | US Government Resource | |
cve@mitre.org | http://www.securiteam.com/exploits/5NP042KF5A.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/10816 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16675 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109107496214572&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=109060455614702&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=109102919426844&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12806 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-006.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ecqurity.com/adv/IEstyle.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/291304 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/exploits/5NP042KF5A.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10816 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16675 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | s3400 | * | |
avaya | s8100 | * | |
avaya | modular_messaging_message_storage_server | 1.1 | |
avaya | modular_messaging_message_storage_server | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n por \"corrupci\u00f3n de memoria\") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena \"\u003cSTYLE\u003e@;/*\", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inv\u00e1lida que dispare una operaci\u00f3n de copia de memoria grande." } ], "id": "CVE-2004-0842", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12806" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.ecqurity.com/adv/IEstyle.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/291304" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/exploits/5NP042KF5A.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10816" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/p-006.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.ecqurity.com/adv/IEstyle.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/291304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/exploits/5NP042KF5A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110178042025729&w=2 | ||
cve@mitre.org | http://marc.info/?l=ntbugtraq&m=110174346717733&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/431576 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17652 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110178042025729&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=ntbugtraq&m=110174346717733&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/431576 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17652 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 6 en sistemas de Juego de Caract\u00e9res de Byte Doble (BDCS) permite a atacantes remotos alterar la barra de direcciones mostrada y suplantar p\u00e1ginas web mediante una URL conteniendo caracteres especiales, lo que facilita ataques de phising, tambi\u00e9n llamada \"Vulnerabilidad de suplantaci\u00f3n de barra de direcciones en sistemas con juegos de caract\u00e9res de doble byte\"" } ], "id": "CVE-2004-0844", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/431576" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/431576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-03 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 | ||
cve@mitre.org | http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt | ||
cve@mitre.org | http://news.cnet.com/8301-1009_3-20066419-83.html | ||
cve@mitre.org | http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/ | ||
cve@mitre.org | http://www.informationweek.com/news/security/vulnerabilities/229700031 | ||
cve@mitre.org | http://www.networkworld.com/community/node/74259 | ||
cve@mitre.org | http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/ | ||
cve@mitre.org | http://www.youtube.com/watch?v=V95CX-3JpK0 | ||
cve@mitre.org | http://www.youtube.com/watch?v=VsSkcnIFCxM | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820 | ||
cve@mitre.org | https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://news.cnet.com/8301-1009_3-20066419-83.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.informationweek.com/news/security/vulnerabilities/229700031 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.networkworld.com/community/node/74259 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.youtube.com/watch?v=V95CX-3JpK0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.youtube.com/watch?v=VsSkcnIFCxM | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 9 | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*", "matchCriteriaId": "4594B15E-22ED-4DDE-B35A-2CF8F4629729", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FF2A1DF-843B-4276-AC4E-EF6BC3CACCA9", "versionEndIncluding": "9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release." }, { "lang": "es", "value": "Microsoft Internet Explorer versi\u00f3n 9 y anteriores, no restringen apropiadamente las acciones de arrastrar y soltar en zona cruzada, lo que permite a los atacantes remotos asistidos por el usuario leer archivos de cookies por medio de vectores que involucran un elemento IFRAME con un atributo SRC que contiene una URL http: que redirecciona hacia URL file:, como es demostrado por un juego de Facebook, relacionado con un problema de \"cookiejacking\", tambi\u00e9n se conoce como \"Drag and Drop Information Disclosure Vulnerability\". NOTA: esta vulnerabilidad se presenta debido a una correcci\u00f3n incompleta en la versi\u00f3n 9 de Internet Explorer." } ], "id": "CVE-2011-2383", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-03T17:55:00.840", "references": [ { "source": "cve@mitre.org", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "cve@mitre.org", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "cve@mitre.org", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "cve@mitre.org", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "cve@mitre.org", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "cve@mitre.org", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "source": "cve@mitre.org", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-10 19:05
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html | ||
cve@mitre.org | http://www.osvdb.org/26837 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18873 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2701 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27592 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18873 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2701 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27592 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*", "matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*", "matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 en Windows XP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una tabla con un frameset (conjunto de marcos) como hijo, esto provoca una referencia nula, como se ha demostrado utilizando el m\u00e9todo appendChild." } ], "id": "CVE-2006-3471", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-10T19:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26837" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18873" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2701" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html | Exploit | |
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/15268 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15268 | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar." } ], "id": "CVE-2005-4717", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15268" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-26 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/24314 | ||
cve@mitre.org | http://www.hardened-php.net/advisory_032007.142.html | Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/32119 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/461076/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/22701 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0744 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.hardened-php.net/advisory_032007.142.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/32119 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461076/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22701 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0744 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set." }, { "lang": "es", "value": "Los marcos hijo en Microsoft Internet Explorer 7 heredan el juego de caracteres de la ventana padre cuando un juego de caracteres no se ha especificado en una cabecera HTTP Content-Type o en una etiqueta META, lo cual permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) , como se demuestra usando el juego de caracteres UTF-7." } ], "id": "CVE-2007-1114", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-26T23:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24314" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_032007.142.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/32119" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22701" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_032007.142.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0744" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-15 08:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://osvdb.org/53625 | ||
secure@microsoft.com | http://secunia.com/advisories/34678 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | ||
secure@microsoft.com | http://www.securitytracker.com/id?1022042 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2009/1028 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/53625 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34678 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022042 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1028 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 6 | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*", "matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*", "matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 en Windows XP SP2 y SP3, y 6 en Windows Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una p\u00e1gina web que dispara la presencia de un objeto en memoria que (1) no fue inicializado adecuadamente o (2) borrado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria sin inicializar\"." } ], "id": "CVE-2009-0552", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-15T08:00:00.640", "references": [ { "source": "secure@microsoft.com", "url": "http://osvdb.org/53625" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/34678" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1022042" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=106149026621753&w=2 | ||
cve@mitre.org | http://www.eeye.com/html/Research/Advisories/AD20030820.html | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/865940 | Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106149026621753&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.eeye.com/html/Research/Advisories/AD20030820.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/865940 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 5.01 SP3 a 6.0 SP1 no determina adecuadamente tipos de objetos devueltos por los servidores web, lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una etiqueta \"object\" con un par\u00e1metro de datos a un fichero malicioso almacenado en un servidor que devuelve un \"Content-Type\" inseguro; tambi\u00e9n llamada vulnerabilidad de \"Tipo de Objeto\"." } ], "id": "CVE-2003-0532", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/865940" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/865940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-10-30 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.osvdb.org/1972 | ||
cve@mitre.org | http://www.securityfocus.com/bid/3421 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7259 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/1972 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3421 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7259 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF", "versionEndIncluding": "6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\"" } ], "id": "CVE-2001-0665", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-30T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/1972" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3421" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/1972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=108422905510713&w=2 | ||
cve@mitre.org | http://www.kurczaba.com/securityadvisories/0405132poc.htm | ||
cve@mitre.org | http://www.securityfocus.com/bid/10308 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108422905510713&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kurczaba.com/securityadvisories/0405132poc.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10308 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
microsoft | outlook | 97 | |
microsoft | outlook | 98 | |
microsoft | outlook | 2000 | |
microsoft | outlook | 2000 | |
microsoft | outlook | 2000 | |
microsoft | outlook | 2000 | |
microsoft | outlook | 2002 | |
microsoft | outlook | 2002 | |
microsoft | outlook | 2002 | |
microsoft | outlook | 2002 | |
microsoft | outlook | 2003 | |
microsoft | outlook_express | 4.0 | |
microsoft | outlook_express | 4.01 | |
microsoft | outlook_express | 4.27.3110 | |
microsoft | outlook_express | 4.72.2106 | |
microsoft | outlook_express | 4.72.3120.0 | |
microsoft | outlook_express | 4.72.3612 | |
microsoft | outlook_express | 5.0 | |
microsoft | outlook_express | 5.0.1 | |
microsoft | outlook_express | 5.5 | |
microsoft | outlook_express | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:97:*:*:*:*:*:*:*", "matchCriteriaId": "D1D5CC3A-E880-4727-AEBE-1E4FE5A43AF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*", "matchCriteriaId": "52970A43-173E-477B-80BF-6FDBB6B0EECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*", "matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "8A343E57-CF86-4500-96D2-7172B93808BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "BBE43EAE-9397-44E4-AE3D-44CEA47699DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*", "matchCriteriaId": "52A5E941-25A7-405E-B330-8101D6829B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "D3A4D9C5-A698-4523-8756-5D7EBAA47951", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*", "matchCriteriaId": "D0E20E02-43B2-499B-ADDD-B5B7003894D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACCF73A2-FFD7-41E0-B1BF-E5B4590F51FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6764F97F-6906-4953-BB1C-AA6345FA8FBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "B2FEDFE4-ADD1-4B93-ABFC-0F04E0F6572E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.27.3110:*:*:*:*:*:*:*", "matchCriteriaId": "3A5A497C-D03E-4666-BFCE-632F9943DB96", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.2106:*:*:*:*:*:*:*", "matchCriteriaId": "5D635E46-B428-498D-9C6C-7CA9EB397C96", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*", "matchCriteriaId": "7769EE2E-A740-4AE8-B1B1-A5256C12601D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3612:*:*:*:*:*:*:*", "matchCriteriaId": "F6C57670-B009-4C06-BAFD-B5212750F298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F71D6D7-6CB2-4BE9-839A-A5714144029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A72832FD-812D-4175-AA50-DC1DDAD5B954", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "57C8ACA2-A3C6-4435-9C0C-B316879FE1FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." }, { "lang": "es", "value": "Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL leg\u00edtimas en la barra de estado mediante etiquetas A HREF con valores \"alt\" modificados que apuntan al sitio leg\u00edtimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantaci\u00f3n para robo de datos (phising)." } ], "id": "CVE-2004-0526", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10308" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html | Exploit | |
cve@mitre.org | http://secunia.com/advisories/12304 | Exploit, Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1010957 | Exploit | |
cve@mitre.org | http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt | ||
cve@mitre.org | http://www.osvdb.org/8978 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12304 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1010957 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/8978 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake." } ], "id": "CVE-2004-2219", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12304" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1010957" }, { "source": "cve@mitre.org", "url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/8978" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1010957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/8978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109536612321898&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12580/ | ||
cve@mitre.org | http://securitytracker.com/id?1011331 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11186 | Vendor Advisory | |
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=252342 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109536612321898&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12580/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011331 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11186 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=252342 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | konqueror | 2.1.1 | |
kde | konqueror | 2.1.2 | |
kde | konqueror | 2.2.1 | |
kde | konqueror | 2.2.2 | |
kde | konqueror | 3.0 | |
kde | konqueror | 3.0.1 | |
kde | konqueror | 3.0.2 | |
kde | konqueror | 3.0.3 | |
kde | konqueror | 3.0.5 | |
kde | konqueror | 3.0.5b | |
kde | konqueror | 3.1 | |
kde | konqueror | 3.1.1 | |
kde | konqueror | 3.1.2 | |
kde | konqueror | 3.1.3 | |
kde | konqueror | 3.1.4 | |
kde | konqueror | 3.1.5 | |
kde | konqueror | 3.2.1 | |
kde | konqueror | 3.2.3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
mozilla | firefox | 0.9.2 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*", "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected." }, { "lang": "es", "value": "Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como .ltd.uk, .plc.uk, y .sch.uk, lo que podr\u00eda permitir a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versi\u00f3n 2.X tambi\u00e9n se encuentra afectada por esta vulnerabilidad." } ], "id": "CVE-2004-0867", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12580/" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011331" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12580/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-26 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx | ||
cve@mitre.org | http://secunia.com/advisories/22542 | Exploit | |
cve@mitre.org | http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/ | Exploit, Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1017122 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/347188 | US Government Resource | |
cve@mitre.org | http://www.osvdb.org/30022 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449917/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/20728 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/29827 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22542 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/ | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017122 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/347188 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/30022 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449917/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20728 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29827 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL." }, { "lang": "es", "value": "Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaking (%A0), y que causa que la barra de direcciones omita algunos caracteres de la URL." } ], "id": "CVE-2006-5544", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-26T17:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/22542" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017122" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30022" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20728" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/22542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1014643 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
secure@microsoft.com | http://www.securityfocus.com/bid/14511 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA05-221A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/1353 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014643 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14511 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-221A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1353 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087." } ], "id": "CVE-2005-1990", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-08-10T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1014643" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/14511" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-23 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/1439 | ||
cve@mitre.org | http://www.osvdb.org/29524 | ||
cve@mitre.org | http://www.osvdb.org/29525 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443907/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19640 | Exploit | |
cve@mitre.org | http://xsec.org/index.php?module=releases&act=view&type=1&id=17 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28516 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/4251 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1439 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29524 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29525 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443907/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19640 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://xsec.org/index.php?module=releases&act=view&type=1&id=17 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28516 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/4251 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un atributo Color largo en m\u00faltiples objetos DirectX Media Image DirectX Transforms ActiveX COM de (a) dxtmsft.dll y (b) dxtmsft3.dll, incluyendo (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1 y (3) DX3DTransform.Microsoft.Shapes.1." } ], "id": "CVE-2006-4301", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-23T01:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1439" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29524" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29525" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19640" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4251" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-02 10:18
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/20384 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1016654 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/891204 | US Government Resource | |
cve@mitre.org | http://www.osvdb.org/25949 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435492/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435609/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435616/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18198 | Exploit | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2088 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26810 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20384 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016654 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/891204 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/25949 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435492/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435609/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435616/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18198 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2088 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26810 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." } ], "id": "CVE-2006-2766", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-02T10:18:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20384" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016654" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25949" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18198" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html | ||
cve@mitre.org | http://secunia.com/advisories/12048 | ||
cve@mitre.org | http://securitytracker.com/id?1010679 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/413886 | US Government Resource | |
cve@mitre.org | http://www.osvdb.org/7774 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/368652 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/368666 | ||
cve@mitre.org | http://www.securityfocus.com/bid/10690 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16675 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12048 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1010679 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/413886 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7774 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/368652 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/368666 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10690 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16675 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | s3400 | * | |
avaya | s8100 | * | |
avaya | modular_messaging_message_storage_server | 1.1 | |
avaya | modular_messaging_message_storage_server | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 6.x permite a atacantes remotos instalar programas de su elecci\u00f3n mediante eventos mousedown que llaman al m\u00e9todo Popup.show y usan acciones \"arrastrar y soltar\" en una ventana emergente, tambi\u00e9n conocida como \"HijackClick 3\" y la \"Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen\"" } ], "id": "CVE-2004-0841", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12048" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010679" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7774" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/368652" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/368666" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10690" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/368652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/368666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/1474 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443896/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19636 | ||
cve@mitre.org | http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28512 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1474 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443896/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19636 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28512 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:*:*:*:*:*:*:*", "matchCriteriaId": "553C7040-9ECE-49E6-BDCC-0332245A7A1A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "FA294E0D-311B-40E8-8466-63FBDD8FCB40", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "EB69D534-6038-4547-B7E2-5FA840C59854", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "0A35703F-52A0-4D81-8807-4DDA0525A221", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "5A9437E8-5174-443D-8B63-ECDBFC5210F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:*:*:*:*:*:*:*", "matchCriteriaId": "2D2E683F-73A6-4A6E-8397-33723DD7D2A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "69D0C8BE-7D47-4D00-97E0-B6DC592869E3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "DDE05474-2770-41D5-837D-F3C82339117C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "C47A03EA-E084-4B88-8773-D1983A1D7461", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "F1D1B206-AF93-4FF2-BF5A-E4200461F3B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:*:*:*:*:*:*:*", "matchCriteriaId": "E1C0007B-BA9C-4F09-87EF-6FF1467EB0F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "674BF239-9A20-4DE0-AE16-35AFA53F02A9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "85F8C7B3-E5F8-4A48-A5E7-D8E9326B6D23", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "D340FE0B-4A20-4DF6-B4D2-C2E61EC2802E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "29DAB69E-096D-44BB-9B21-DD95CE9DFB3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:*:*:*:*:*:*:*", "matchCriteriaId": "810F8F74-4E89-409D-9D40-318B3590EC1A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp1:*:*:*:*:*:*", "matchCriteriaId": "842FBB47-E16D-452E-A3C7-FEAD9977F017", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp2:*:*:*:*:*:*", "matchCriteriaId": "B94E5DAA-0970-460D-94A9-5C407E34C4C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*", "matchCriteriaId": "F8F07665-1C59-438C-AFF8-58C76681CB6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp4:*:*:*:*:*:*", "matchCriteriaId": "E14908DD-3C61-4F33-BCB4-6C2E57C87DA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll." }, { "lang": "es", "value": "Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, y (4) creator.dll." } ], "id": "CVE-2006-4495", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-31T22:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1474" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19636" }, { "source": "cve@mitre.org", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106979428718705&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106979624321665&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
cve@mitre.org | http://www.osvdb.org/7890 | ||
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/threadid10008 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13847 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106979428718705&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106979624321665&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7890 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/threadid10008 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13847 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008." }, { "lang": "es", "value": "La funci\u00f3n de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de cach\u00e9 mediante una respuesta HTTP con un ContentType inv\u00e1lido y un fichero .html, lo que podr\u00eda permitir a atacantes remotos saltarse mecanismos de seguridad que se basan en nombres aleatorios, como se demostr\u00f3 por threadid10008." } ], "id": "CVE-2003-1028", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-01-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7890" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106148101210479&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/334928 | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/12970 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106148101210479&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/334928 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/12970 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Internet Explorer 6 SP1 para ciertos lenguajes que usan codificaci\u00f3n en dos bytes (como el Japon\u00e9s) permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la propiedad TYPE de una etiqueta OBJECT, una variante de CAN-2003-0344." } ], "id": "CVE-2003-0701", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/334928" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/334928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/10192 | ||
cve@mitre.org | http://www.securityfocus.com/bid/9012 | Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9012 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." }, { "lang": "es", "value": "Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML." } ], "id": "CVE-2003-0817", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9012" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5127 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5127 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." } ], "id": "CVE-2000-1061", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-19 21:07
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html | ||
cve@mitre.org | http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/ | ||
cve@mitre.org | http://www.osvdb.org/28614 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28614 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF", "versionEndIncluding": "6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (aplicaci\u00f3n que no responde) v\u00eda un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tama\u00f1o mayor que el INPUT." } ], "id": "CVE-2006-4888", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-19T21:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html" }, { "source": "cve@mitre.org", "url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28614" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-31 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/27372 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19113 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2954 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27931 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27372 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2954 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27931 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un objeto (1) Forms.ListBox.1 o (2) Forms.ListBox.1 con la propiedad ListWidth establecida a (a) 0x7fffffff, lo cual provoca una excepci\u00f3n de desbordamiento de entero, o a (b) 0x7ffffffe, lo cual provoca una referencia nula." } ], "id": "CVE-2006-3944", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-31T23:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27372" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19113" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2954" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/9580 | ||
cve@mitre.org | http://securitytracker.com/id?1007538 | ||
cve@mitre.org | http://www.cert.org/advisories/CA-2003-22.html | US Government Resource | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/548964 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/8454 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/12962 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/9580 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1007538 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2003-22.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/548964 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8454 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/12962 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el control ActiveX BR549.DLL de Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2003-0530", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/9580" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007538" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/548964" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8454" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/9580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/548964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 7.0.6000.16711 | |
microsoft | ie | 8.0.7600.16385 | |
microsoft | ie | 8.0b | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.544 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2314.1003 | |
microsoft | internet_explorer | 5.00.2516.1900 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.3800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0100 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.00.2600.0000 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3718.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 8.0.6001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0.6000.16711:*:*:*:*:*:*:*", "matchCriteriaId": "77497F7F-1853-448A-8448-8FB6FA43169B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*", "matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2", "versionEndIncluding": "8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*", "matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*", "matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*", "matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*", "matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*", "matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*", "matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*", "matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method." }, { "lang": "es", "value": "La ejecuci\u00f3n de JavaScript en Microsoft Internet Explorer v8.0 y anteriores, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el m\u00e9todo getComputedStyle, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas por llamar a este m\u00e9todo." } ], "id": "CVE-2010-5071", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-07T19:55:01.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-01-04 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959 | ||
cve@mitre.org | http://support.microsoft.com/support/kb/articles/q176/6/97.asp | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/support/kb/articles/q176/6/97.asp |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 3.0 | |
microsoft | ie | 3.1 | |
microsoft | ie | 4.0 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*", "matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a:*:*:*:*:*:*", "matchCriteriaId": "EB817B2B-6F65-4989-9177-153518F32894", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag." } ], "id": "CVE-1999-0876", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-01-04T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959" }, { "source": "cve@mitre.org", "url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106304733121753&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106304876523459&w=2 | ||
cve@mitre.org | http://marc.info/?l=ntbugtraq&m=106302799428500&w=2 | ||
cve@mitre.org | http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html | ||
cve@mitre.org | http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169 | ||
cve@mitre.org | http://www.osvdb.org/7872 | ||
cve@mitre.org | http://www.securityfocus.com/bid/8556 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13314 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106304733121753&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106304876523459&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=ntbugtraq&m=106302799428500&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7872 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8556 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13314 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)." }, { "lang": "es", "value": "Internet Explorer permite a atacantes remotos saltarse restricciones de zona para inyectar y ejecutar programas arbitrarios creando una ventana emergente e insertando un objeto ActiveX con una etiqueta \"data\" apuntando al c\u00f3digo maliciosos, que Internet Explorer trata como HTML o JavaScript, pero luego ejecuta como una aplicaci\u00f3n .HTA; una vulnerabilidad diferente de CAN-2003-0532, y explotada por el virus QHosts." } ], "id": "CVE-2003-0838", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-11-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html" }, { "source": "cve@mitre.org", "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7872" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/8556" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/8556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110796851002781&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/580299 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19214 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110796851002781&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/580299 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19214 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\"" } ], "id": "CVE-2005-0054", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/580299" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/580299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/10736/ | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/106324 | US Government Resource | |
cve@mitre.org | http://www.security-express.com/archives/bugtraq/2004-01/0300.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/351379 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9510 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/14964 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10736/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/106324 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.security-express.com/archives/bugtraq/2004-01/0300.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/351379 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9510 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/14964 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2800.1106 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP." }, { "lang": "es", "value": "Internet Explorer 6.0.2800.1106 sobre Windows XP y posiblemente otras versiones, permite a atacantes remotos suplantar el tipo de un de un fichero mediante un especificador CLSID en el nombre del fichero." } ], "id": "CVE-2004-0420", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10736/" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/106324" }, { "source": "cve@mitre.org", "url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/351379" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9510" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10736/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/106324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/351379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/244729 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/archive/1/301945 | ||
cve@mitre.org | http://www.securityfocus.com/bid/6306 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/244729 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/301945 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6306 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 no comprueba adecuadamente el par\u00e1metro de entrada de hoja de estilo en cascada (CSS) en di\u00e1logos modales, lo que permite a atacantes remotos leer ficheros en el sistema local mediante una p\u00e1gina web que contenga script que cree un di\u00e1logo y entonces acceda a los ficheros objetivo, tambi\u00e9n conocida como \"Ejecuci\u00f3n de script en di\u00e1logos modales - Modal Dialog script execution\"." } ], "id": "CVE-2003-0116", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/244729" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/301945" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6306" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/244729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/301945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/2286 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435095/30/4710/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435129/30/4710/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18112 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26808 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2286 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435095/30/4710/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435129/30/4710/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18112 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26808 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_98 | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | * | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * | |
microsoft | ie | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 SP2 y anteriores permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de ciertos HTML malformados, posiblemente afectando a etiquetas base y applet sin argumentos requeridos, lo cual dispara un puntero nulo no referenciado en mshtml.dll." } ], "id": "CVE-2006-7030", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-23T03:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2286" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18112" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-08 23:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/23769 | ||
secure@microsoft.com | http://www.osvdb.org/34400 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/467989/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/23771 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1018019 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-128A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/1712 | ||
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-07-027.html | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/33253 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23769 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/34400 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/467989/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23771 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018019 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-128A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1712 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-027.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33253 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_xp | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | sp2 | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | sp1 | |
microsoft | ie | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en el m\u00e9todo CTableCol::OnPropertyChange de Microsoft Internet Explorer 5.01 SP4 en Windows 2000 SP4; 6 SP1 en Windows 2000 SP4; y 6 en Windows XP SP2, o Windows Server 2003 SP1 o SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n llamando a deleteCell en una fila de tabla con nombre, y despu\u00e9s accediendo a la columna, lo cual provoca que Internet Explorer acceda a objetos previamente borrados, tambi\u00e9n conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria No Inicializada\"." } ], "id": "CVE-2007-0944", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-08T23:19:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/23769" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/34400" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/23771" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018019" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-11 22:05
Modified
2025-04-03 01:03
Severity ?
Summary
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/26955 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18900 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2718 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27621 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26955 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18900 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2718 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27621 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*", "matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*", "matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read." }, { "lang": "es", "value": "The Remote Data Service Object (RDS.DataControl) de Microsoft Internet Explorer 6 en Windows 2000 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de series de operaciones que resultan en una longitud de c\u00e1lculo no v\u00e1lida cuando se utiliza SysAllocStringLen, entonces se dispara una sobre-lectura de b\u00fafer." } ], "id": "CVE-2006-3510", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-11T22:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26955" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18900" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2718" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/378431 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/378619 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11412 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/378431 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/378619 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11412 | Exploit |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:frontpage:97:*:*:*:*:*:*:*", "matchCriteriaId": "74459B0D-BF34-4F46-BE89-7D720EA520EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:frontpage:98:*:*:*:*:*:*:*", "matchCriteriaId": "A5F2F998-5866-4DA7-88CF-7987E971947E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." } ], "id": "CVE-2004-2179", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/378619" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/378619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11412" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/382257 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11751 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/382257 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11751 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." } ], "id": "CVE-2004-1198", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/382257" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11751" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/382257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-18 19:04
Modified
2025-04-03 01:03
Severity ?
Summary
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/1403 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443493/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19570 | Exploit | |
cve@mitre.org | http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28444 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1403 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443493/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19570 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28444 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN." }, { "lang": "es", "value": "El objeto COM de Servicios de Terminal (tsuserex.dll) permite a atacantes remotos provocar unad enegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanci\u00e1ndolo como un objeto ActiveX en Internet Explorer 6.0 SP1 en Microsoft Windows 2003 EE SP1 CN." } ], "id": "CVE-2006-4219", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-18T19:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1403" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19570" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/119180 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/27855 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/442579/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19312 | Patch | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-06-027.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/119180 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27855 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/442579/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19312 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-06-027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n usando la funci\u00f3n Javascript document.getElementByID para acceder a elementos de Hojas de Estilo en Cascada (CSS) manipulados, y posiblemente otros vectores no especificados relacionados con determinadas combinaciones de posicionamiento en el dise\u00f1o de un archivo HTML." } ], "id": "CVE-2006-3450", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-08T23:04:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/119180" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27855" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/19312" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/119180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/19312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=112006764714946&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/15891 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1014329 | ||
cve@mitre.org | http://www.auscert.org.au/render.html?it=5225 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/939605 | US Government Resource | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
cve@mitre.org | http://www.microsoft.com/technet/security/advisory/903144.mspx | ||
cve@mitre.org | http://www.osvdb.org/17680 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/404055 | ||
cve@mitre.org | http://www.securityfocus.com/bid/14087 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA05-193A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2005/0935 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/21193 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112006764714946&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15891 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014329 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.auscert.org.au/render.html?it=5225 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/939605 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/903144.mspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/17680 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/404055 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14087 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-193A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/0935 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/21193 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.1 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2900.2180 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*", "matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem." } ], "id": "CVE-2005-2087", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/15891" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014329" }, { "source": "cve@mitre.org", "url": "http://www.auscert.org.au/render.html?it=5225" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/939605" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "cve@mitre.org", "url": "http://www.microsoft.com/technet/security/advisory/903144.mspx" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/17680" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/404055" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14087" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/0935" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/15891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.auscert.org.au/render.html?it=5225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/939605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.microsoft.com/technet/security/advisory/903144.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/17680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/404055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/0935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html | Exploit | |
cve@mitre.org | http://isc.sans.org/diary.php?storyid=1742 | ||
cve@mitre.org | http://riosec.com/msie-setslice-vuln | ||
cve@mitre.org | http://secunia.com/advisories/22159 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1016941 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/753044 | US Government Resource | |
cve@mitre.org | http://www.osvdb.org/27110 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447174/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447383/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447426/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447490/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449179/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449179/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19030 | Exploit | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-270A.html | US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-283A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2882 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27804 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/2440 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://isc.sans.org/diary.php?storyid=1742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://riosec.com/msie-setslice-vuln | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22159 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016941 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/753044 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27110 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447174/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447383/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447426/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447490/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449179/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449179/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19030 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-270A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-283A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2882 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27804 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/2440 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy." }, { "lang": "es", "value": "Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s deun argumento 0x7fffffff en el m\u00e9todo setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dar\u00e1 lugar a una copia de memoria no v\u00e1lida." } ], "id": "CVE-2006-3730", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "source": "cve@mitre.org", "url": "http://riosec.com/msie-setslice-vuln" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22159" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016941" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27110" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19030" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://riosec.com/msie-setslice-vuln" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2440" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=108981273009250&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=108981403025596&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12060 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/228028 | US Government Resource | |
cve@mitre.org | http://www.ngssoftware.com/advisories/mstaskjob.txt | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16591 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108981273009250&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108981403025596&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12060 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/228028 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ngssoftware.com/advisories/mstaskjob.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16591 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
microsoft | ie | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | s8100 | * | |
avaya | modular_messaging_message_storage_server | s3400 | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "matchCriteriaId": "CA7BA525-6DB8-4444-934A-932AFED69816", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." }, { "lang": "es", "value": "Vulnerabilidad basada en la pila en el Programador de Tareas de Windows 2000 y XP, e Internet Explorer 6 en Windows NT 4.0 permite a atacantes remotos o locales ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .job conteniendo par\u00e1metros grandes, como se ha demostrado utlizando Internet Explorer y accediendo a un fichero .job en una carpeta de red compartida an\u00f3nimamente." } ], "id": "CVE-2004-0212", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12060" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "source": "cve@mitre.org", "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-12 20:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/23288 | ||
secure@microsoft.com | http://securitytracker.com/id?1017374 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/694344 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/30815 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/21494 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-346A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/4966 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017374 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/694344 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/30815 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21494 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-346A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4966 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF", "versionEndIncluding": "6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar mediante operaciones de \"arrastrar y soltar\", tambi\u00e9n conocido como \"TIF Folder Information Disclosure Vulnerability\" , es distinta a la CVE-2006-5577." } ], "id": "CVE-2006-5578", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-12T20:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/23288" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1017374" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/694344" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/30815" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/21494" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/694344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/18957 | ||
secure@microsoft.com | http://securitytracker.com/id?1015900 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/824324 | Patch, US Government Resource | |
secure@microsoft.com | http://www.securityfocus.com/archive/1/435096/30/4710/threaded | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18957 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015900 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/824324 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435096/30/4710/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.1 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
canon | network_camera_server_vb101 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*", "matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption." } ], "id": "CVE-2006-1188", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/824324" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/824324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-04 02:02
Modified
2025-04-03 01:03
Severity ?
Summary
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.security-protocols.com/advisory/sp-x23-advisory.txt | ||
cve@mitre.org | http://www.securityfocus.com/bid/16463 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.security-protocols.com/advisory/sp-x23-advisory.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16463 | Exploit |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters." } ], "id": "CVE-2006-0544", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-04T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16463" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-02-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*", "matchCriteriaId": "91EB05F7-D88A-40AA-A8CB-F76C449878AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft." } ], "id": "CVE-2000-0160", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-02-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-16 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/13203/ | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/3220 | ||
cve@mitre.org | http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php | Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/743974 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/11686 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13203/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3220 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/743974 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11686 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command." } ], "id": "CVE-2004-1331", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-11-16T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13203/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3220" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/743974" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11686" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13203/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/743974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-03 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html | ||
cve@mitre.org | http://osvdb.org/45814 | ||
cve@mitre.org | http://securityreason.com/securityalert/2855 | ||
cve@mitre.org | http://www.secniche.org/advisory/Internet_Dos_Adv.pdf | Patch | |
cve@mitre.org | http://www.securityfocus.com/archive/1/472651/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/473662 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/485536/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/24744 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/45814 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2855 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.secniche.org/advisory/Internet_Dos_Adv.pdf | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/472651/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/473662 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485536/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24744 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35455 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated" }, { "lang": "es", "value": "** EN DISPUTA ** Microsoft Internet Explorer versi\u00f3n 6.0 y versi\u00f3n 7.0 permite a atacantes remotos rellenar Zonas con dominios de su elecci\u00f3n utilizando determinados metacaracteres tales como comodines mediante JavaScript, lo cual resulta en una denegaci\u00f3n de servicio (supresi\u00f3n de sitios web y agotamiento de recursos), tambi\u00e9n conocida como \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTA: esta cuesti\u00f3n ha sido discutida por una tercera parte, la cual establece que la configuraci\u00f3n de la zona no puede ser manipulada." } ], "id": "CVE-2007-3550", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-03T21:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/45814" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2855" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473662" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/24744" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/24744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-05 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | ||
cve@mitre.org | http://www.cert.org/advisories/CA-2000-10.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/1309 | Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/4624 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2000-10.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1309 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/4624 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ], "id": "CVE-2000-0518", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-06-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/268776 | ||
cve@mitre.org | http://www.securityfocus.com/bid/4564 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/8904 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/268776 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4564 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/8904 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion." } ], "id": "CVE-2002-1714", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/268776" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4564" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/268776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/28036 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1019078 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/484888/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/26816 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-07-074.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/38714 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28036 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/484888/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26816 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-074.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38714 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de objetos no inicializados o eliminados usados en llamadas repetidas a la funci\u00f3n de JavaScript (1) cloneNode o (2) nodeValue, un problema diferente de CVE-2007-3902 y CVE-2007-5344, una variante de \"Uninitialized Memory Corruption Vulnerability\"." } ], "id": "CVE-2007-3903", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-12T00:46:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1019078" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26816" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." }, { "lang": "es", "value": "La funci\u00f3n showHelp en Internet Explorer 6 en Windows XP Pro permite a atacantes remotos ejecutar ficheros .chm locales de su elecci\u00f3n mediante una barra invertida (\"\") doble antes del fichero .chm objetivo, como se ha demostrado usando una URL \"ms-its\" con ntshared.chm. NOTA: Este fallo puede solaparse con CAN-2003-1041." } ], "id": "CVE-2004-0475", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-07-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10348" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/965206 | Patch, US Government Resource | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA05-221A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/1353 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/965206 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-221A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1353 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"." } ], "id": "CVE-2005-1988", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-08-10T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/965206" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/965206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html | ||
cve@mitre.org | http://www.osvdb.org/27108 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19013 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2831 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27761 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19013 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2831 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27761 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) estableciendo la propiedad location o URL del objeto ActiveX MHTMLFile." } ], "id": "CVE-2006-3659", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-18T15:47:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27108" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19013" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2831" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-12 20:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/23288 | ||
secure@microsoft.com | http://securitytracker.com/id?1017374 | ||
secure@microsoft.com | http://www.osvdb.org/30816 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/21507 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-346A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/4966 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017374 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/30816 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454969/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21507 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-346A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4966 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF", "versionEndIncluding": "6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtenci\u00f3n de informaci\u00f3n sensible a trav\u00e9s de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta absoluta de la carpeta TIF correspondiente, tambi\u00e9n conocido como \"TIF Folder Information Disclosure Vulnerability\" y es diferntes a la CVE-2006-5578." } ], "id": "CVE-2006-5577", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-12T20:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/23288" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1017374" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/30816" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/21507" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=104429340817718&w=2 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104429340817718&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files." }, { "lang": "es", "value": "El control de carga (upload) de ficheros en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos cargar ficheros autom\u00e1ticamente del sistema de ficheros local mediante una p\u00e1gina web conteniendo un script para cargar los ficheros." } ], "id": "CVE-2003-0114", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-28 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=111746303509720&w=2 | ||
cve@mitre.org | http://www.securityfocus.com/bid/13798 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111746303509720&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13798 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE." } ], "id": "CVE-2005-1791", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-05-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13798" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-03 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 | ||
cve@mitre.org | http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt | ||
cve@mitre.org | http://news.cnet.com/8301-1009_3-20066419-83.html | ||
cve@mitre.org | http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/ | ||
cve@mitre.org | http://www.informationweek.com/news/security/vulnerabilities/229700031 | ||
cve@mitre.org | http://www.networkworld.com/community/node/74259 | ||
cve@mitre.org | http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/ | ||
cve@mitre.org | http://www.youtube.com/watch?v=V95CX-3JpK0 | ||
cve@mitre.org | http://www.youtube.com/watch?v=VsSkcnIFCxM | ||
cve@mitre.org | https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://news.cnet.com/8301-1009_3-20066419-83.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.informationweek.com/news/security/vulnerabilities/229700031 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.networkworld.com/community/node/74259 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.youtube.com/watch?v=V95CX-3JpK0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.youtube.com/watch?v=VsSkcnIFCxM | ||
af854a3a-2127-422b-91ae-364da2661108 | https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 9 | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.544 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2314.1003 | |
microsoft | internet_explorer | 5.00.2516.1900 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.3800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0100 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.00.2600.0000 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3718.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*", "matchCriteriaId": "4594B15E-22ED-4DDE-B35A-2CF8F4629729", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2", "versionEndIncluding": "8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*", "matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*", "matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*", "matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*", "matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*", "matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*", "matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*", "matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue." }, { "lang": "es", "value": "Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a trav\u00e9s de diferentes zonas de seguridad, lo que permite leer archivos de cookies a atacantes remotos asistidos por el usuario a trav\u00e9s de vectores que implican un elemento IFRAME con un atributo SRC que contiene una URL file:, como lo demuestra un juego de Facebook, relacionado con un problema de \"cookiejacking\"." } ], "id": "CVE-2011-2382", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-06-03T17:55:00.763", "references": [ { "source": "cve@mitre.org", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "cve@mitre.org", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "cve@mitre.org", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "cve@mitre.org", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "cve@mitre.org", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "cve@mitre.org", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "cve@mitre.org", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106321638416884&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106321693517858&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106321781819727&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106321882821788&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106322063729496&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106322240132721&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/10192 | ||
cve@mitre.org | http://securitytracker.com/id?1007687 | ||
cve@mitre.org | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/652452 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/771604 | US Government Resource | |
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm | ||
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/336937 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/337086 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106321638416884&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106321693517858&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106321781819727&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106321882821788&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106322063729496&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106322240132721&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1007687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/652452 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/771604 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/336937 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/337086 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad mediante: (1) uso del m\u00e9todo NavigateAndFind para descargar un fichero, (2) uso del m\u00e9todo window.open para cargar un fichero, (3) fijando la propriedad href en el tag base para la ventana _search, (4) cargando la venta de b\u00fasqueda en un Iframe, (5) capturando una URL de javascript en el hist\u00f3rico del navegador." } ], "id": "CVE-2003-0816", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007687" }, { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/652452" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/771604" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/336937" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/652452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/771604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/336937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
secure@microsoft.com | http://secunia.com/advisories/28903 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/27668 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1019379 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-043C.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2008/0512/references | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28903 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27668 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-043C.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0512/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.01 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp1_itanium:*:*:*:*:*", "matchCriteriaId": "AB202F47-248D-4290-955F-D1304C6F2395", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*", "matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*", "matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad no espicificada en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante combinaciones del dise\u00f1o HTML manipuladas, tambi\u00e9n conocido como \"HTML Rendering Memory Corruption Vulnerability.\"" } ], "id": "CVE-2008-0076", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-12T23:00:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/28903" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/27668" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019379" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
secure@microsoft.com | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
secure@microsoft.com | http://secunia.com/advisories/28903 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/27689 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1019381 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA08-043C.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2008/0512/references | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=120361015026386&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28903 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27689 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019381 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-043C.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0512/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | activex | * | |
microsoft | ie | 5.01 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:activex:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDEF84E6-3C24-4B73-96A4-467F5C03DB04", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp1_itanium:*:*:*:*:*", "matchCriteriaId": "AB202F47-248D-4290-955F-D1304C6F2395", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*", "matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*", "matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el Control ActiveX (dxtmsft.dll) en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7, que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen manipulada, tambi\u00e9n conocida como \"Vulnerabilidad de memoria en el manejo de un argumento\"" } ], "id": "CVE-2008-0078", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-12T23:00:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/28903" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/27689" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019381" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-19 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/22092 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/31549 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/3142 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22092 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/31549 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/3142 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
common_controls_replacement_project | foldertreeview_activex_control | * | |
microsoft | ie | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:common_controls_replacement_project:foldertreeview_activex_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "29F98C8E-9D77-4A14-AFF4-3516DD3A5676", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value." }, { "lang": "es", "value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Control ActiveX (ccrpftv6.ocx) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Internet Explorer 7) mediante un valor de propiedad CCRP.RootFolder largo." } ], "id": "CVE-2007-0356", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-19T01:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22092" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3142" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false | ||
cve@mitre.org | http://www.securityfocus.com/bid/9761 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9761 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE." } ], "id": "CVE-2004-2383", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9761" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-22 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html | ||
cve@mitre.org | http://websecurity.com.ua/3338/ | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/505092/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/505120/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/505122/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/3338/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505092/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505120/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505122/100/0/threaded |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | * | |
microsoft | ie | * | |
microsoft | ie | 2.0 | |
microsoft | ie | 2.0_beta | |
microsoft | ie | 3.0 | |
microsoft | ie | 3.0 | |
microsoft | ie | 3.0.1 | |
microsoft | ie | 3.01 | |
microsoft | ie | 3.1 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0a | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.5 | |
microsoft | ie | 4.5 | |
microsoft | ie | 4.x | |
microsoft | ie | 5 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0_ta3 | |
microsoft | ie | 5.1 | |
microsoft | ie | 5.1 | |
microsoft | ie | 5.01 | |
microsoft | ie | 5.1.1 | |
microsoft | ie | 5.1.7 | |
microsoft | ie | 5.2 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 5.22 | |
microsoft | ie | 5.x | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2516.1900 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0100 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:*:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "0707D29A-7F34-49F5-B301-66E6AB0910BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:*:*:mobile:*:*:*:*:*", "matchCriteriaId": "5307C089-099E-4E5B-B19E-2880C9FAA4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:2.0:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "88771C30-6BF2-4D37-8EFA-0EECF55EC080", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:2.0_beta:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "DF0BFC00-6549-431F-BE37-E4509A13162F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "D94D0C3A-FAE3-4EE3-9B58-D2ADB98661F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*", "matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.01:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "0FAE41C7-AACF-40F0-A818-AD77F5FC2E9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "ACAAD50F-B9F0-4CD8-B681-A8F889E95946", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac_os:*:*:*:*:*", "matchCriteriaId": "B1C0170E-9574-4C90-94F3-F2C2851E2917", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a:*:*:*:*:*:*", "matchCriteriaId": "EB817B2B-6F65-4989-9177-153518F32894", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "D4A15873-B3D2-4017-99CF-E3625FD227F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0a:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "D33EA2D3-B139-42E3-A0EE-F5CEE1A5CDE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.5:*:mac_os:*:*:*:*:*", "matchCriteriaId": "822AC264-EF4E-4CEC-A210-74166883A8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*", "matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "77C7AB44-B436-48D7-B9CE-ED4B40FE8E72", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "D3F350E9-3677-43B3-984F-DA39397D6885", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:mobile:*:*:*:*:*", "matchCriteriaId": "A71EC272-AA18-4D4D-B8E5-B9FC6D8E7DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows:*:*:*:*:*", "matchCriteriaId": "D2CFDA81-A703-4330-88B0-F3F18B3BB7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "9CD5EAB0-B400-41C6-B96E-B7594DB0226F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*", "matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "7CCA85F0-B084-4788-81FD-7E22B6905468", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.01:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "C81BBD0A-0A4D-4238-9526-3738DAE69E4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1.1:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "1B4B8AA3-5DA4-4E90-8939-1E1B834BD321", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1.7:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "B1096B7C-07C8-4EA0-BD2F-11844D424EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "E078D001-060D-46A6-B339-4C6D56E7E675", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:mac\\+os:*:*:*:*:*", "matchCriteriaId": "BBEC9FD1-62D9-4F2C-928B-B1292FD784A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*", "matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*", "matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_2000:*:*:*:*:*", "matchCriteriaId": "0FBE3FC4-569D-4855-A8C2-AA5B19347C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2BF527-F6EB-4E46-9B33-B97795CCF74E", "versionEndIncluding": "6.0.2900.2180", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*", "matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*", "matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected." }, { "lang": "es", "value": "Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un argumento de cadena de caracteres Unicode larga para el m\u00e9todo de escritura, siendo un asunto relacionado con CVE-2009-2479." } ], "id": "CVE-2009-2576", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-22T18:30:00.483", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/3338/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/3338/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=105120164927952&w=2 | ||
cve@mitre.org | http://www.iss.net/security_center/static/11854.php | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=105120164927952&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/11854.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en el mont\u00edculo (heap) en plugin.ocx de Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrari mediante el m\u00e9todo Load(), una vulnerabilidad distinta de CAN-2003-0115." } ], "id": "CVE-2003-0233", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11854.php" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11854.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/9580 | ||
cve@mitre.org | http://www.cert.org/advisories/CA-2003-22.html | US Government Resource | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/205148 | US Government Resource | |
cve@mitre.org | http://www.lac.co.jp/security/english/snsadv_e/67_e.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/8457 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/12961 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/9580 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2003-22.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/205148 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/english/snsadv_e/67_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8457 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/12961 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos acceder a y ejecutar script en el dominio \"Mi PC\" usando la cach\u00e9 del navegador; tambi\u00e9n llamada vulnerabilidad \"Ejecuci\u00f3n de scritp en el navegador en la zona Mi PC\"." } ], "id": "CVE-2003-0531", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/9580" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/205148" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8457" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/9580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2003-22.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/205148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/27059 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2814 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27760 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27059 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2814 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27760 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s del acceso a referencia a objeto de un objeto Active X FolderItem, el cual dispara un referencia null en la validaci\u00f3n de seguridad." } ], "id": "CVE-2006-3658", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-18T15:47:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27059" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2814" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.iss.net/security_center/static/7592.php | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/241323 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/241400 | ||
cve@mitre.org | http://www.securityfocus.com/bid/3563 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7592.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/241323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/241400 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3563 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.0 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack." } ], "id": "CVE-2001-1497", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/7592.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/241323" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/241400" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/7592.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/241323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/241400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-08 22:07
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html | Exploit | |
cve@mitre.org | http://securitytracker.com/id?1017165 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/450722/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017165 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/450722/100/0/threaded |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid." }, { "lang": "es", "value": "Microsoft Internet Explorer 7 permite a atacantes remotos provocar que un certificado de seguridad de una p\u00e1gina segura, aparezca como inv\u00e1lido mediante un enlace a res://ieframe.dll/invalidcert.htm con el sitio objetivo como argumento, lo que muestra la URL del sitio en la barra de direcciones y hace que el Internet Explorer informe de que el certificado no es v\u00e1lido." } ], "id": "CVE-2006-5805", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-08T22:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1017165" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1017165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-15 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | ||
cve@mitre.org | http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | ||
cve@mitre.org | http://www.securityfocus.com/bid/35411 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35411 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.22 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.544 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2314.1003 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.3800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*", "matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*", "matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*", "matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." }, { "lang": "es", "value": "Microsoft Internet Explorer anterior a 8 muestra un certificado cacheado para una p\u00e1gina de respuesta CONEXI\u00d3N (1) 4xx o (2) 5xx por un servidor proxy, lo que permite a los atacantes \"hombre en el medio\" suplantar una p\u00e1gina https permitiendo al navegador obtener un certificado v\u00e1lido desde esta p\u00e1gina, durante una petici\u00f3n, y enviando al navegador una p\u00e1gina de repuesta 502 manipulada sobre la subsiguiente petici\u00f3n." } ], "id": "CVE-2009-2069", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-15T19:30:05.687", "references": [ { "source": "cve@mitre.org", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" }, { "source": "cve@mitre.org", "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35411" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-02 21:18
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/19364 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19364 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7.0 | |
microsoft | ie | 7.0 | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
canon | network_camera_server_vb101 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*", "matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*", "matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*", "matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*", "matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*", "matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*", "matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "5B5F31E2-2060-45BC-9724-A447544905E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "73C3794B-E4B8-4AFB-9025-EDC5A2F44586", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference." }, { "lang": "es", "value": "Microsoft Internet Explorer permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula." } ], "id": "CVE-2006-7065", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-02T21:18:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/19364" }, { "source": "cve@mitre.org", "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/19364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-20 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securitytracker.com/id?1017397 | ||
cve@mitre.org | http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/21649 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017397 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21649 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*", "matchCriteriaId": "91EB05F7-D88A-40AA-A8CB-F76C449878AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML." }, { "lang": "es", "value": "El control ActiveX Recipient de Microsoft Office Outlook (ole32.dll) en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de Internet Explorer 7) mediante una HTML artesanal." } ], "id": "CVE-2006-6659", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-20T02:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017397" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21649" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/20595 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1016291 | ||
secure@microsoft.com | http://www.osvdb.org/26446 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/18320 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/26782 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20595 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26446 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18320 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26782 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4 y 6 SP1 y anteriores permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una p\u00e1gina web manipulada que dispara una corrupci\u00f3n de memoria cuando se guarda como un archivo multipart HTML (.mht)" } ], "id": "CVE-2006-2385", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-13T19:06:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20595" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016291" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/26446" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/18320" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=103530131201191&w=2 | ||
cve@mitre.org | http://security.greymagic.com/adv/gm012-ie/ | ||
cve@mitre.org | http://www.ciac.org/ciac/bulletins/n-018.shtml | ||
cve@mitre.org | http://www.iss.net/security_center/static/10435.php | ||
cve@mitre.org | http://www.iss.net/security_center/static/10436.php | ||
cve@mitre.org | http://www.iss.net/security_center/static/10437.php | ||
cve@mitre.org | http://www.iss.net/security_center/static/10438.php | ||
cve@mitre.org | http://www.iss.net/security_center/static/10439.php | ||
cve@mitre.org | http://www.securityfocus.com/bid/6028 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/10432 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=103530131201191&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.greymagic.com/adv/gm012-ie/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/n-018.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10435.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10436.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10437.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10438.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10439.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6028 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/10432 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\"" } ], "id": "CVE-2002-1254", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://security.greymagic.com/adv/gm012-ie/" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-018.shtml" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10435.php" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10436.php" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10437.php" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10438.php" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10439.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6028" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.greymagic.com/adv/gm012-ie/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-018.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10435.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10436.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10437.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10438.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10439.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-05 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | ||
cve@mitre.org | http://www.cert.org/advisories/CA-2000-10.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/1309 | Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/4627 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2000-10.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1309 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/4627 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "9CD5EAB0-B400-41C6-B96E-B7594DB0226F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ], "id": "CVE-2000-0519", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-06-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-08 23:19
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/23769 | Vendor Advisory | |
secure@microsoft.com | http://www.osvdb.org/34399 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
secure@microsoft.com | http://www.securitytracker.com/id?1018019 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-128A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/1712 | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23769 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/34399 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/468871/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018019 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-128A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1712 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*", "matchCriteriaId": "C0507FBE-8679-4CE3-946A-E91CD8DAEC41", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*", "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*", "matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*", "matchCriteriaId": "C0507FBE-8679-4CE3-946A-E91CD8DAEC41", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*", "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*", "matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*", "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll." }, { "lang": "es", "value": "Microsoft Internet Explorer versi\u00f3n 5.01 SP4 en Windows 2000 SP4; versi\u00f3n 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versi\u00f3n 7 en Windows Vista \"instantiate certain COM objects as ActiveX controls\" inapropiadamente, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll." } ], "id": "CVE-2007-0942", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-08T23:19:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23769" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/34399" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018019" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/246611 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/3729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/246611 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3729 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window." }, { "lang": "es", "value": "MS Internet Explorer para Unix 5.0SP1 permite a usuarios locales forzar una denegraci\u00f3n de servicio (crash) tanto en CDE como en servidor X de Solaris 2.6 a trav\u00e9s de maximizar la ventana o mostrar r\u00e1pidamente caracteres chinos." } ], "id": "CVE-2001-1218", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3729" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | ||
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.osvdb.org/27850 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19339 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27850 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19339 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 y 6 permite a ciertas secuencias de comandos persistir a trav\u00e9s de navegaciones entre p\u00e1ginas, lo cual permite a un atacante remoto obtener la localizaci\u00f3n de ventana de p\u00e1ginas web visitadas en otros dominios o zonas, tambien conocido como \"Vulnerabilidad de acceso de la informaci\u00f3n de localizaci\u00f3n de ventana\"." } ], "id": "CVE-2006-3640", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-09T00:04:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27850" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19339" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/28036 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1019078 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/484890/100/100/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/26817 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-07-075.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/38715 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28036 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/484890/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26817 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4184 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-075.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38715 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.x | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un sitio web dise\u00f1ado usando Javascript que crea, modifica, elimina y accede a objetos de documento utilizando la propiedad tags, que desencadena una corrupci\u00f3n de pila, relacionada con objetos no inicializados o eliminados, un problema diferente de CVE-2007-3902 y CVE-2007-3903, y una variante de \"Uninitialized Memory Corruption Vulnerability\"." } ], "id": "CVE-2007-5344", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-12T00:46:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1019078" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26817" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/813208 | Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/813208 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." } ], "id": "CVE-2003-1105", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/813208" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/813208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/14922/ | Patch, Vendor Advisory | |
secure@microsoft.com | http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities | Patch, Vendor Advisory | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/774338 | Patch, Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA05-102A.html | Patch, Third Party Advisory, US Government Resource | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/19831 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14922/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/774338 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-102A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19831 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"." } ], "id": "CVE-2005-0553", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14922/" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/774338" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14922/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/774338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-17 10:19
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx | Vendor Advisory | |
cve@mitre.org | http://news.com.com/2100-1002_3-6167410.html | ||
cve@mitre.org | http://osvdb.org/35352 | ||
cve@mitre.org | http://secunia.com/advisories/24535 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/25627 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/2448 | ||
cve@mitre.org | http://securitytracker.com/id?1018235 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/462833/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/462939/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/462945/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/471947/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/471947/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/22966 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-163A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0946 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2153 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33026 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://news.com.com/2100-1002_3-6167410.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/35352 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24535 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25627 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2448 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018235 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/462833/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/462939/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/462945/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471947/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471947/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22966 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-163A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2153 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33026 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_vista | * | |
microsoft | ie | 7.0 | |
microsoft | windows_xp | * | |
microsoft | ie | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer versi\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \"Navigation Canceled\" e inyecta el script hacia el enlace \"Refresh the page\", tambi\u00e9n se conoce como \"Navigation Cancel Page Spoofing Vulnerability.\"" } ], "id": "CVE-2007-1499", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-17T10:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "source": "cve@mitre.org", "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35352" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24535" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25627" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2448" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018235" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22966" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx | ||
cve@mitre.org | http://secunia.com/advisories/18787 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1015049 | ||
cve@mitre.org | http://www.osvdb.org/2707 | ||
cve@mitre.org | http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/424863/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/424940/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/16352 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/0553 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/24648 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015049 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/2707 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/424863/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/424940/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16352 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0553 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24648 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window." } ], "id": "CVE-2005-3240", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18787" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015049" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/2707" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16352" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0553" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/2707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=105138417416900&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=105718285107246&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/169753 | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=105138417416900&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=105718285107246&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/169753 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera." } ], "id": "CVE-2003-0113", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/11273 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/702086 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/archive/1/379903 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/425386/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/425883/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/11565 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17938 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11273 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/702086 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/379903 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/425386/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/425883/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11565 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17938 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0 SP2 permite a atacantes remotos suplantar una URL leg\u00edtima en la barra de estado y realizar un ataque de \u0027phishing\u0027 mediante una p\u00e1gina web que contenga un elemento BASE que apunta al sitio leg\u00edtimo seguido de un elemento ancla (A) con un elemento \"href\" vac\u00edo y un elemento FORM que apunta a un sitio web malicioso, y un elemento \u0027INPUT\u0027 modificado para que se parezca a la URL leg\u00edtima." } ], "id": "CVE-2004-1104", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11273" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/702086" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/379903" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11565" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/702086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/379903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html | Exploit | |
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html | ||
cve@mitre.org | http://www.iss.net/security_center/static/10039.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/7845 | ||
cve@mitre.org | http://www.securityfocus.com/bid/5610 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10039.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7845 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5610 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\"" } ], "id": "CVE-2002-1186", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10039.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7845" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5610" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10039.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
secure@microsoft.com | http://www.securityfocus.com/bid/14512 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/1353 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16373/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14512 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1353 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"." } ], "id": "CVE-2005-1989", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-10T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/14512" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/28036 | ||
secure@microsoft.com | http://securitytracker.com/id?1019078 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/26427 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/4184 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/38716 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28036 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485268/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26427 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-345A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4184 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38716 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.x | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 hasta la 7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de \"llamadas a m\u00e9todos no esperados de objetos HTML\", tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de objeto de memoria DHTML\"." } ], "id": "CVE-2007-5347", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-12T00:46:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/28036" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1019078" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26427" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109829111200055&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109830296130857&w=2 | ||
cve@mitre.org | http://marc.info/?l=ntbugtraq&m=109828076802478&w=2 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17824 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109829111200055&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109830296130857&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=ntbugtraq&m=109828076802478&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17824 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help." } ], "id": "CVE-2004-0985", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityfocus.com/archive/1/375407 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1011332 | ||
cve@mitre.org | http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityfocus.com/archive/1/375407 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" } ], "id": "CVE-2004-0869", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://securityfocus.com/archive/1/375407" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011332" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securityfocus.com/archive/1/375407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-17 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html | ||
secure@microsoft.com | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
secure@microsoft.com | http://secunia.com/advisories/19269 | Patch, Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1015794 | Patch | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/984473 | Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/23964 | Exploit | |
secure@microsoft.com | http://www.securityfocus.com/archive/1/428810/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/453436/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/453554/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/17131 | Exploit, Patch | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/25292 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18957 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19269 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015794 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/984473 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/23964 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428810/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/453436/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/453554/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17131 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25292 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" } ], "id": "CVE-2006-1245", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-17T01:02:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19269" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015794" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "source": "secure@microsoft.com", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/23964" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17131" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/23964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.0 | |
microsoft | ie | 4.0 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.0.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 4.1 | |
microsoft | ie | 5 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | internet_explorer | 4.0 | |
microsoft | outlook | 98 | |
microsoft | outlook | 2000 | |
microsoft | outlook_express | 4.27.3110.1 | |
microsoft | outlook_express | 4.72.2106.4 | |
microsoft | outlook_express | 4.72.3120.0 | |
microsoft | outlook_express | 4.72.3612.1700 | |
microsoft | outlook_express | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*", "matchCriteriaId": "52970A43-173E-477B-80BF-6FDBB6B0EECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*", "matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.27.3110.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BAE90D0-1637-49F4-8453-5E9959B55002", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.2106.4:*:*:*:*:*:*:*", "matchCriteriaId": "D707B4FB-4BB2-4C84-851B-A8926AC26B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*", "matchCriteriaId": "7769EE2E-A740-4AE8-B1B1-A5256C12601D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3612.1700:*:*:*:*:*:*:*", "matchCriteriaId": "14B52779-4A43-4507-988F-5B5A81658FF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F71D6D7-6CB2-4BE9-839A-A5714144029C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability." } ], "id": "CVE-2000-0329", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1999-11-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/348688 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9335 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348688 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9335 | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script." } ], "id": "CVE-2004-2291", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348688" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9335" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109536612321898&w=2 | ||
cve@mitre.org | http://securitytracker.com/id?1011332 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/11186 | Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109536612321898&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011332 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11186 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | konqueror | 2.1.1 | |
kde | konqueror | 2.1.2 | |
kde | konqueror | 2.2.1 | |
kde | konqueror | 2.2.2 | |
kde | konqueror | 3.0 | |
kde | konqueror | 3.0.1 | |
kde | konqueror | 3.0.2 | |
kde | konqueror | 3.0.3 | |
kde | konqueror | 3.0.5 | |
kde | konqueror | 3.0.5b | |
kde | konqueror | 3.1 | |
kde | konqueror | 3.1.1 | |
kde | konqueror | 3.1.2 | |
kde | konqueror | 3.1.3 | |
kde | konqueror | 3.1.4 | |
kde | konqueror | 3.1.5 | |
kde | konqueror | 3.2.1 | |
kde | konqueror | 3.2.3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
mozilla | firefox | 0.9.2 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*", "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session." } ], "id": "CVE-2004-0866", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1011332" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1011332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-30 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/21910 | ||
cve@mitre.org | http://securityreason.com/securityalert/1468 | ||
cve@mitre.org | http://securitytracker.com/id?1016764 | ||
cve@mitre.org | http://www.osvdb.org/28841 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/444504/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19738 | Exploit | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
cve@mitre.org | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28608 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21910 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1468 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016764 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28841 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444504/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19738 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28608 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el objeto COM DirectAnimation.PathControl (daxctle.ocx) en Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una llamada a la funci\u00f3n Spline cuyo primer argumento especifica un n\u00famero grande de puntos." } ], "id": "CVE-2006-4446", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-30T01:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21910" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1468" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016764" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28841" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19738" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "cve@mitre.org", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/18957 | ||
secure@microsoft.com | http://securitytracker.com/id?1015900 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/503124 | US Government Resource | |
secure@microsoft.com | http://www.securityfocus.com/bid/17450 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/25542 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18957 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015900 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/503124 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17450 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25542 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption." } ], "id": "CVE-2006-1185", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/503124" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17450" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/503124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21401 | ||
secure@microsoft.com | http://securitytracker.com/id?1016655 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/927548 | Patch, US Government Resource | |
secure@microsoft.com | http://www.securityfocus.com/bid/19417 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3213 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/28005 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21401 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016655 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/927548 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19417 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3213 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28005 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.01 y 6 en Microsoft Windows 2000 SP4 permite acceso a \"ficheros de recursos HTML-embedded\" locales en la biblioteca de Consola de Administraci\u00f3n de Microsoft (MMC), que permite a atacantes remotos autenticados ejecutar comandos de su elecci\u00f3n, tambi\u00e9n conocido como \"Vulnerabilidad de redirecci\u00f3n de secuencias de comandos en sitios cruzados de MMC\"" } ], "id": "CVE-2006-3643", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-09T00:04:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/21401" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016655" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/927548" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19417" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3213" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/927548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/11966 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/11978 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11966 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11978 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." }, { "lang": "es", "value": "Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"." } ], "id": "CVE-2004-0719", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11966" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106321757619047&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=106322542104656&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/10192 | ||
cve@mitre.org | http://securitytracker.com/id?1007687 | ||
cve@mitre.org | http://www.ciac.org/ciac/bulletins/o-021.shtml | ||
cve@mitre.org | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html | ||
cve@mitre.org | http://www.osvdb.org/7888 | ||
cve@mitre.org | http://www.osvdb.org/7889 | ||
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM | ||
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/337086 | ||
cve@mitre.org | http://www.securityfocus.com/bid/9014 | Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13676 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106321757619047&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106322542104656&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1007687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/o-021.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7888 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7889 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/337086 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9014 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13676 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el m\u00e9todo createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el m\u00e9todo createRange y usando el di\u00e1logo FIND para seleccionar texto, como se demuestra usando Findeath. Tambi\u00e9n se la conoce como vulnerabilidad \"\"Function Pointer Override Cross Domain\"\"." } ], "id": "CVE-2003-0815", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007687" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7888" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7889" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9014" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-09 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462 | Patch, Vendor Advisory | |
secure@microsoft.com | http://secunia.com/advisories/23677 | Patch, Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1017489 | Patch | |
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm | ||
secure@microsoft.com | http://support.microsoft.com/?kbid=929969 | Patch | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/122084 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/31250 | Patch | |
secure@microsoft.com | http://www.securityfocus.com/archive/1/457053/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/457164/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/457274/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/457274/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/21930 | Patch | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-009A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/0105 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/0129 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/31287 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23677 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017489 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/?kbid=929969 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/122084 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31250 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/457053/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/457164/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/457274/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/457274/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21930 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-009A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0105 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0129 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/31287 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7.0 | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "8DC0F5CD-84DF-4569-A651-438D968AA801", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"" }, { "lang": "es", "value": "Debordamiento de Entero en la implementaci\u00f3n (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de b\u00fafer, tambi\u00e9n conocido como la \"Vulnerabilidad de desbordamiento de b\u00fafer VML\"." } ], "id": "CVE-2007-0024", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-01-09T23:28:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23677" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1017489" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://support.microsoft.com/?kbid=929969" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/122084" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.osvdb.org/31250" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21930" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0105" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0129" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1017489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://support.microsoft.com/?kbid=929969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/122084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/31250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/292842 | ||
cve@mitre.org | http://www.iss.net/security_center/static/10180.php | ||
cve@mitre.org | http://www.securityfocus.com/bid/5778 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/292842 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10180.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5778 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability." } ], "id": "CVE-2002-1824", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/292842" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10180.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/292842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10180.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5778" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lcamtuf.coredump.cx/crash | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/405298 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/14284 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/14285 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/14286 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/crash | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/405298 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14284 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14285 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14286 | Exploit |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg." }, { "lang": "es", "value": "El descodificador de JPEG en Microsoft Internet Explorer permite que atacantes remotos causen una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda) y posiblemente ejecuten c\u00f3digo arbitrario mediante im\u00e1genes JPEG ama\u00f1adas. Queda demostrado usando (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, o (4) random.jpg." } ], "id": "CVE-2005-2308", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/405298" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14284" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14285" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/405298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14286" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-31 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html | ||
cve@mitre.org | http://osvdb.org/32628 | ||
cve@mitre.org | http://securityreason.com/securityalert/2199 | ||
cve@mitre.org | http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/458443/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/22288 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/31867 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/32628 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2199 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/458443/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22288 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/31867 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0_ta3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*", "matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference." }, { "lang": "es", "value": "M\u00faltiples controles de ActiveX en el Microsoft Windows 2000, XP, 2003 y Vista permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del Internet Explorer) mediante el acceso a las propiedades bgColor, fgColor, linkColor, alinkColor, vlinkColor o defaultCharset en los objetos (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile o (11) wdfile objects en (a) mshtml.dll; o en los objetos (12) TriEditDocument.TriEditDocument o (13) TriEditDocument.TriEditDocument.1 en (b) triedit.dll, lo que provoca una referencia a un puntero NULO (NULL)." } ], "id": "CVE-2007-0612", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-31T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/32628" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2199" }, { "source": "cve@mitre.org", "url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22288" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106979349517578&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/784102 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-033A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13846 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106979349517578&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/784102 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-033A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13846 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es a\u00f1adido al historial de p\u00e1ginas visitadas y es ejecutado en la zona de seguridad de la ventana principal cuando se usa el m\u00e9todo JavaScritp \"history.back\" (mostrar p\u00e1gina anterior), como se demostr\u00f3 por BackToFramedJpu." } ], "id": "CVE-2003-1026", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-01-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/784102" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/784102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/11165/ | ||
cve@mitre.org | http://secunia.com/secunia_research/2004-12/advisory/ | ||
cve@mitre.org | http://securitytracker.com/id?1013125 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/843771 | Patch, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11165/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2004-12/advisory/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013125 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/843771 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\"" } ], "id": "CVE-2005-0055", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11165/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2004-12/advisory/" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013125" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/843771" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11165/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2004-12/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/843771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.0 | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 5.0 | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*", "matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D09FC21-1170-4399-8378-1D8353689C76", "versionEndIncluding": "4.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing." } ], "id": "CVE-1999-0827", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1999-11-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/10820 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9611 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10820 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9611 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist." } ], "id": "CVE-2004-2090", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-07T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/10820" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9611" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/10820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars | ||
cve@mitre.org | http://pwn2own.zerodayinitiative.com/status.html | ||
cve@mitre.org | http://twitter.com/vupen/statuses/177895844828291073 | ||
cve@mitre.org | http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars | ||
af854a3a-2127-422b-91ae-364da2661108 | http://pwn2own.zerodayinitiative.com/status.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://twitter.com/vupen/statuses/177895844828291073 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 10 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.00.2600.0000 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3718.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*", "matchCriteriaId": "AD1E2761-48DA-444F-BC45-44F1401322F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*", "matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*", "matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." }, { "lang": "es", "value": "Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostr\u00f3 VUPEN durante una competencia Pwn2Own en CanSecWest 2012" } ], "id": "CVE-2012-1545", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-09T11:55:01.193", "references": [ { "source": "cve@mitre.org", "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "source": "cve@mitre.org", "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "source": "cve@mitre.org", "url": "http://twitter.com/vupen/statuses/177895844828291073" }, { "source": "cve@mitre.org", "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/vupen/statuses/177895844828291073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-15 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | ||
cve@mitre.org | http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.22 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.544 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2314.1003 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.3800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*", "matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*", "matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*", "matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack." }, { "lang": "es", "value": "Microsoft Internet Explorer anteriores a v8 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXI\u00d3N (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes \"hombre en el medio\" ejecutar arbitrariamente una secuencia de comandos web modificando la respuesta CONEXI\u00d3N, tambi\u00e9n conocida como un ataque \"forzado SSL\"." } ], "id": "CVE-2009-2057", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-15T19:30:00.530", "references": [ { "source": "cve@mitre.org", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-08 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/17564 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1016291 | ||
cve@mitre.org | http://www.hacker.co.il/security/ie/css_import.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/15660 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2005/2804 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17564 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.hacker.co.il/security/ie/css_import.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15660 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2804 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2319 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\"" } ], "id": "CVE-2005-4089", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-08T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17564" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016291" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.hacker.co.il/security/ie/css_import.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15660" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2804" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.hacker.co.il/security/ie/css_import.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-12 20:17
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/37638 | ||
cve@mitre.org | http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/37638 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/ | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.x | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0_ta3 | |
microsoft | ie | 5.x | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*", "matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file." }, { "lang": "es", "value": "Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen im\u00e1genes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript, como se ha demostrado con el URI de un recurso de imagen bitmap dentro de un archivo (1) .exe o (2) .dll." } ], "id": "CVE-2007-4848", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-12T20:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37638" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | ||
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/340060 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/27853 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/340060 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27853 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 SP4 y 6 no maneja adecuadamente diversas combinaciones de componentes en dise\u00f1os HTML, lo cual permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo HTML manipulado que lleva a una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Renderizado HTML\"" } ], "id": "CVE-2006-3637", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-08-08T23:04:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/340060" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27853" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/340060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | ||
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/252764 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/27851 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19400 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/252764 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27851 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19400 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 y 6 no identifica adecuadamente la zona de dominio que origina cuando maneja la redirecci\u00f3n, lo cual permite a un atacante remoto leer p\u00e1ginas web de dominios cruzados y posiblemente ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados que afectan a p\u00e1ginas web manipuladas, tambi\u00e9n conocido como \"Vulnerabilidad de Elemento Fuente de Cruce de Dominios\"." } ], "id": "CVE-2006-3639", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-09T00:04:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/252764" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27851" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19400" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/252764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-31 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/27530 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19184 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28046 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27530 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19184 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28046 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en NDFXArtEffects de Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante propiedades largas (1) RGBExtraColor, (2) RGBForeColor, y (3) RGBBackColor." } ], "id": "CVE-2006-3943", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-07-31T23:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27530" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19184" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-02-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html | ||
cve@mitre.org | http://www.ciac.org/ciac/bulletins/n-038.shtml | ||
cve@mitre.org | http://www.iss.net/security_center/static/11259.php | Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/400577 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/6780 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/n-038.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/11259.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/400577 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6780 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\"" }, { "lang": "es", "value": "La funci\u00f3n showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (a\u00f1adibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar c\u00f3digo arbitrario. Tambi\u00e9n conocida como \"Validaci\u00f3n de Seguridad entre dominios con funcionalidad showHelp\"" } ], "id": "CVE-2003-1328", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-02-19T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11259.php" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/400577" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6780" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11259.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/400577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/625616 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17655 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/625616 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17655 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 5.5 y 6 no manejan adecuadamente la navegaci\u00f3n con complementos (plug-in), lo que permite a atacantes remotos alterar la barra de navegaci\u00f3n mostrada y suplantar p\u00e1ginas web, facilitando ataques de \"phising\", tambi\u00e9n conocida como \"Vulnerabilidad de suplantaci\u00f3n de la barra de direcci\u00f3nes en navegaci\u00f3n en complemento\"." } ], "id": "CVE-2004-0843", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-02-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.ciac.org/ciac/bulletins/n-038.shtml | ||
cve@mitre.org | http://www.iss.net/security_center/static/11258.php | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/6779 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/n-038.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/11258.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6779 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de d\u00ed\u00e1logo. Tambi\u00e9n conocida como \"Validac\u00edon de Seguridad Entre Dominios inapropiada con cuadro de di\u00e1logo\"." } ], "id": "CVE-2003-1326", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-02-19T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6779" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-23 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21557 | Vendor Advisory | |
secure@microsoft.com | http://securityreason.com/securityalert/1441 | ||
secure@microsoft.com | http://securitytracker.com/id?1016731 | ||
secure@microsoft.com | http://support.microsoft.com/kb/923762/ | Patch | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/821156 | Patch, US Government Resource | |
secure@microsoft.com | http://www.microsoft.com/technet/security/advisory/923762.mspx | Patch | |
secure@microsoft.com | http://www.nsfocus.com/english/homepage/research/0608.htm | ||
secure@microsoft.com | http://www.osvdb.org/28132 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/444046/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/444241/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/444319/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19667 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3356 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/28522 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21557 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1441 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016731 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/kb/923762/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/821156 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/923762.mspx | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.nsfocus.com/english/homepage/research/0608.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28132 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444046/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444241/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/444319/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19667 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3356 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28522 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en URLMON.DLL en Microsoft Internet Explorer 6 SP1 en Windows 2000 y XP SP1, con versiones del parche MS06-042 anteriores al 24/08/2006, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL larga en un sitio web que utilice compresi\u00f3n HTTP 1.1." } ], "id": "CVE-2006-3869", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-23T01:04:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21557" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/1441" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016731" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://support.microsoft.com/kb/923762/" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/821156" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "source": "secure@microsoft.com", "url": "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/28132" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19667" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3356" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://support.microsoft.com/kb/923762/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/821156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-27 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
References
▶ | URL | Tags | |
---|---|---|---|
cret@cert.org | http://www.kb.cert.org/vuls/id/998297 | Third Party Advisory, US Government Resource | |
cret@cert.org | http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx | Patch, Vendor Advisory | |
cret@cert.org | http://www.osvdb.org/23657 | ||
cret@cert.org | http://www.securityfocus.com/bid/16409 | ||
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/998297 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/23657 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16409 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054." } ], "id": "CVE-2006-0057", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-27T22:03:00.000", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/998297" }, { "source": "cret@cert.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx" }, { "source": "cret@cert.org", "url": "http://www.osvdb.org/23657" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/16409" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/998297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html | ||
cve@mitre.org | http://securitytracker.com/id?1010491 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/8335 | Exploit | |
cve@mitre.org | http://www.securiteam.com/windowsntfocus/5IP020KDPU.html | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16420 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1010491 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/8335 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/windowsntfocus/5IP020KDPU.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16420 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string." } ], "id": "CVE-2004-2434", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1010491" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/8335" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1010491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/8335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=147777 | ||
cve@mitre.org | http://w2spconf.com/2010/papers/p26.pdf | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/71817 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=147777 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://w2spconf.com/2010/papers/p26.pdf | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71817 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 7.0.6000.16711 | |
microsoft | ie | 8.0.7600.16385 | |
microsoft | ie | 8.0b | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.01 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 4.40.308 | |
microsoft | internet_explorer | 4.40.520 | |
microsoft | internet_explorer | 4.70.1155 | |
microsoft | internet_explorer | 4.70.1158 | |
microsoft | internet_explorer | 4.70.1215 | |
microsoft | internet_explorer | 4.70.1300 | |
microsoft | internet_explorer | 4.71.544 | |
microsoft | internet_explorer | 4.71.1008.3 | |
microsoft | internet_explorer | 4.71.1712.6 | |
microsoft | internet_explorer | 4.72.2106.8 | |
microsoft | internet_explorer | 4.72.3110.8 | |
microsoft | internet_explorer | 4.72.3612.1713 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.00.0518.10 | |
microsoft | internet_explorer | 5.00.0910.1309 | |
microsoft | internet_explorer | 5.00.2014.0216 | |
microsoft | internet_explorer | 5.00.2314.1003 | |
microsoft | internet_explorer | 5.00.2516.1900 | |
microsoft | internet_explorer | 5.00.2614.3500 | |
microsoft | internet_explorer | 5.00.2919.800 | |
microsoft | internet_explorer | 5.00.2919.3800 | |
microsoft | internet_explorer | 5.00.2919.6307 | |
microsoft | internet_explorer | 5.00.2920.0000 | |
microsoft | internet_explorer | 5.00.3103.1000 | |
microsoft | internet_explorer | 5.00.3105.0106 | |
microsoft | internet_explorer | 5.00.3314.2101 | |
microsoft | internet_explorer | 5.00.3315.1000 | |
microsoft | internet_explorer | 5.00.3502.1000 | |
microsoft | internet_explorer | 5.00.3700.1000 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.50.3825.1300 | |
microsoft | internet_explorer | 5.50.4030.2400 | |
microsoft | internet_explorer | 5.50.4134.0100 | |
microsoft | internet_explorer | 5.50.4134.0600 | |
microsoft | internet_explorer | 5.50.4308.2900 | |
microsoft | internet_explorer | 5.50.4522.1800 | |
microsoft | internet_explorer | 5.50.4807.2300 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.00.2462.0000 | |
microsoft | internet_explorer | 6.00.2479.0006 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.00.2600.0000 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.00.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 6.00.2900.2180 | |
microsoft | internet_explorer | 6.00.3663.0000 | |
microsoft | internet_explorer | 6.00.3718.0000 | |
microsoft | internet_explorer | 6.00.3790.0000 | |
microsoft | internet_explorer | 6.00.3790.1830 | |
microsoft | internet_explorer | 6.00.3790.3959 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 8.0.6001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0.6000.16711:*:*:*:*:*:*:*", "matchCriteriaId": "77497F7F-1853-448A-8448-8FB6FA43169B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*", "matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2", "versionEndIncluding": "8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*", "matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*", "matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*", "matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*", "matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*", "matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*", "matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*", "matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*", "matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*", "matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*", "matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*", "matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*", "matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*", "matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*", "matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*", "matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*", "matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*", "matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*", "matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*", "matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*", "matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*", "matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*", "matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*", "matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*", "matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*", "matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*", "matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*", "matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*", "matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*", "matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*", "matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*", "matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*", "matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*", "matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*", "matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264." }, { "lang": "es", "value": "La implementaci\u00f3n de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas a trav\u00e9s de un documento HTML manipulado. Relacionado con CVE-2010-2264." } ], "id": "CVE-2002-2435", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-12-07T19:55:00.987", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://w2spconf.com/2010/papers/p26.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/630720 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/630720 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration." } ], "id": "CVE-2004-0979", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/630720" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/630720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/430408/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/430431/100/0/threaded | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/25852 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/430408/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/430431/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25852 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property." } ], "id": "CVE-2006-1719", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/698835 | Patch, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/11466 | Exploit, Patch | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/698835 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11466 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | web | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante eventos de arrastrar y soltar, tambi\u00e9n conocidos como \"Vulnerabilidad de arrastrar y soltar\"." } ], "id": "CVE-2005-0053", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11466" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.iss.net/security_center/static/10180.php | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/292842 | ||
cve@mitre.org | http://www.securityfocus.com/bid/5778 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10180.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/292842 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5778 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800.1106 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack." } ], "id": "CVE-2002-2125", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10180.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/292842" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10180.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/292842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5778" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-21 18:02
Modified
2025-04-03 01:03
Severity ?
Summary
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/17163 | Patch, Vendor Advisory | |
secure@microsoft.com | http://secunia.com/advisories/17172 | ||
secure@microsoft.com | http://secunia.com/advisories/17223 | ||
secure@microsoft.com | http://securitytracker.com/id?1015036 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/415828 | Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html | Patch | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17163 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17172 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17223 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015036 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/415828 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames." } ], "id": "CVE-2005-2126", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-10-21T18:02:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17163" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/17172" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/17223" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015036" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/415828" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/415828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-14 21:07
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://securitytracker.com/id?1017223 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/197852 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/31323 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/451590/100/100/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/21020 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/4505 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-06-041.html | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/29199 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017223 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/197852 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31323 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/451590/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21020 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-318A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4505 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-06-041.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29199 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 hasta 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante combinaciones de dise\u00f1o artesanales implicando etiquetas DIV y propiedades float de HTML CSS que disparan una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria al traducir HTML\"." } ], "id": "CVE-2006-4687", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-11-14T21:07:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1017223" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/197852" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31323" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/21020" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4505" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/197852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/3989 | ||
cve@mitre.org | http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/348360 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/348574 | ||
cve@mitre.org | http://www.securityfocus.com/bid/9295 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3989 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348360 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348574 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9295 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.22 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ], "evaluatorImpact": "The only versions confirmed with this vulnerability are the ones listed in the CPE entry. Other IE Versions may, and probably are, affected but have not been confirmed yet.", "id": "CVE-2003-1559", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3989" }, { "source": "cve@mitre.org", "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/348360" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/348574" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/348360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/348574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9295" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/17565 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17565 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site." } ], "id": "CVE-2005-4679", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17565" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 | ||
secure@microsoft.com | http://secunia.com/advisories/24156 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/613564 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/31892 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/462303/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/22489 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1017642 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/0584 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24156 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/613564 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/462303/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22489 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017642 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0584 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption." }, { "lang": "es", "value": "El c\u00f3digo del cliente FTP wininet.dll en Microsoft Internet Explorer 5.01 y 6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta FTP del servidor de una longitud espec\u00edfica que provoca que el byte nulo de terminaci\u00f3n sea escrito fuera del b\u00fafer, lo cual provoca la corrupci\u00f3n de la pila." } ], "id": "CVE-2007-0217", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-13T22:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31892" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=103970996205091&w=2 | ||
cve@mitre.org | http://www.eeye.com/html/Research/Advisories/AD20021211.html | ||
cve@mitre.org | http://www.iss.net/security_center/static/10662.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/6216 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=103970996205091&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.eeye.com/html/Research/Advisories/AD20021211.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10662.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6216 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\"" } ], "id": "CVE-2002-1185", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10662.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6216" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10662.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/245152 | ||
cve@mitre.org | http://www.securityfocus.com/bid/3684 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/245152 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3684 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images." } ], "id": "CVE-2001-1489", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/245152" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/3684" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/245152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/3684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/15368 | ||
secure@microsoft.com | http://secunia.com/advisories/18064 | ||
secure@microsoft.com | http://secunia.com/advisories/18311 | ||
secure@microsoft.com | http://securitytracker.com/id?1015348 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/21763 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/15827 | Patch | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA05-347A.html | Patch, Third Party Advisory, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2867 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2909 | ||
secure@microsoft.com | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/23453 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18064 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18311 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015348 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21763 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15827 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-347A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2867 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2909 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23453 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127." }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no est\u00e1n pensados para ser usados con con Internet Explorer, tcc una variante de la \"Vulnerabilidad de Corrupci\u00f3n de Memoria por Instanciamiento de Objeto COM\", una vulnerabilidad diferente de CVE-2005-2127." } ], "id": "CVE-2005-2831", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-14T11:03:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/15368" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18064" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18311" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015348" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/21763" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15827" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/27852 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/442728/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19340 | ||
secure@microsoft.com | http://www.tippingpoint.com/security/advisories/TSRT-06-09.html | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/959049 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27852 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/442728/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19340 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.tippingpoint.com/security/advisories/TSRT-06-09.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 y 6 no maneja adecuadamente objetos COM no inicializados, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, como ha sido demostrado por la funci\u00f3n Nth en el control ActiveX DirectAnimation.DATuple, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en la Instanciaci\u00f3n de Objetos COM\"." } ], "id": "CVE-2006-3638", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-08T23:04:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27852" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19340" }, { "source": "secure@microsoft.com", "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-10 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.exploit-db.com/exploits/9100 | ||
cve@mitre.org | http://www.securityfocus.com/bid/35620 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/9100 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35620 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0b | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 8.0.6001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*", "matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo AddFavorite en Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente tiene otro impacto no especificado a trav\u00e9s de una URL larga en el primer argumento." } ], "id": "CVE-2009-2433", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-10T21:00:00.313", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9100" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35620" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-23 00:06
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html | ||
secure@microsoft.com | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html | ||
secure@microsoft.com | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html | ||
secure@microsoft.com | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html | ||
secure@microsoft.com | http://secunia.com/advisories/18680 | Vendor Advisory | |
secure@microsoft.com | http://secunia.com/secunia_research/2006-7/advisory/ | ||
secure@microsoft.com | http://securitytracker.com/id?1015812 | ||
secure@microsoft.com | http://www.ciac.org/ciac/bulletins/q-154.shtml | ||
secure@microsoft.com | http://www.computerterrorism.com/research/ct22-03-2006 | Vendor Advisory | |
secure@microsoft.com | http://www.kb.cert.org/vuls/id/876678 | US Government Resource | |
secure@microsoft.com | http://www.microsoft.com/technet/security/advisory/917077.mspx | ||
secure@microsoft.com | http://www.osvdb.org/24050 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/428441 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/428583/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/428600/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/429088/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/429124/30/6120/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/17196 | Exploit | |
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1050 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/1318 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/25379 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18680 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2006-7/advisory/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015812 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/q-154.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.computerterrorism.com/research/ct22-03-2006 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/876678 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/917077.mspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/24050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428441 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428583/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428600/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/429088/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/429124/30/6120/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17196 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25379 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer." } ], "id": "CVE-2006-1359", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-23T00:06:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" }, { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" }, { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" }, { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18680" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/secunia_research/2006-7/advisory/" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015812" }, { "source": "secure@microsoft.com", "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.computerterrorism.com/research/ct22-03-2006" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/876678" }, { "source": "secure@microsoft.com", "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/24050" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/428441" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17196" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1050" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2006-7/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/q-154.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.computerterrorism.com/research/ct22-03-2006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/876678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.microsoft.com/technet/security/advisory/917077.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-15 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109539520310153&w=2 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11200 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/20617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109539520310153&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11200 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20617 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin." } ], "id": "CVE-2004-1686", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-15T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11200" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=105476381609135&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/8943 | ||
cve@mitre.org | http://www.eeye.com/html/Research/Advisories/AD20030604.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/679556 | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=105476381609135&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/8943 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.eeye.com/html/Research/Advisories/AD20030604.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/679556 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un caracter \"/\" (barra inclinada) en la propiedad Type de un tag Object en una p\u00e1gina web." } ], "id": "CVE-2003-0344", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-06-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8943" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/679556" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/679556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109303291513335&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109336221826652&w=2 | ||
cve@mitre.org | http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html | Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/526089 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/10973 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109303291513335&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109336221826652&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/526089 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10973 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | s3400 | * | |
avaya | s8100 | * | |
nortel | ip_softphone_2050 | * | |
nortel | mobile_voice_client_2050 | * | |
nortel | optivity_telephony_manager | * | |
nortel | symposium_web_centre_portal | * | |
nortel | symposium_web_client | * | |
avaya | modular_messaging_message_storage_server | 1.1 | |
avaya | modular_messaging_message_storage_server | 2.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | web | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A140A10-720D-4FF5-9559-184D9AC33509", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "162EA244-0CED-44BF-9857-13127C833FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:symposium_web_centre_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F13410-3380-4CB8-9E20-92E14B85ADC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:symposium_web_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "872353DB-616C-46F8-99F1-7C7B56DEF34F", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"." } ], "id": "CVE-2004-0839", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10973" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html | ||
cve@mitre.org | http://marc.info/?l=vuln-dev&m=108457938412310&w=2 | ||
cve@mitre.org | http://marc.info/?l=vuln-dev&m=108476938219070&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=vuln-dev&m=108457938412310&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=vuln-dev&m=108476938219070&w=2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference." }, { "lang": "es", "value": "Internet Explorer 6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante Javascritp que crea una ventana emergente y desactiva la funcionalidad imagetoolbar con una etiqueta META, lo que dispara una desreferencia nula." } ], "id": "CVE-2004-0479", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-06 01:05
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/26834 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18773 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27596 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26834 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18773 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27596 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
canon | network_camera_server_vb101 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference." }, { "lang": "es", "value": "Vulnerabilidad en el navegador web Internet Explorer v6 de Microsoft que permite a atacantes remotos causar una denegaci\u00f3n de servicio (indisponibilidad de la aplicaci\u00f3n) asignando a la propiedad \"Filter\" (filtro) de un objeto ActiveX ADODB.Recordset ciertos valores varias veces, lo que dispara un de-referenciaci\u00f3n de un direcci\u00f3n (o puntero) nula." } ], "id": "CVE-2006-3354", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-06T01:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26834" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18773" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-18 02:02
Modified
2025-04-03 01:03
Severity ?
Summary
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.osvdb.org/23307 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/424959/100/0/threaded | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/24846 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/23307 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/424959/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24846 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status." }, { "lang": "es", "value": "Fuga de memoria en Microsoft Internet Explorer 6 para Windows XP Service Pack 2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de JavaScript que utiliza setInterval para llamar a una funci\u00f3n repetidamente para establecer el valor de window.status." } ], "id": "CVE-2006-0753", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-02-18T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23307" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-10 20:05
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0 y 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una p\u00e1gina HTML con una etiqueta A que contiene un atributo de t\u00edtulo largo. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros." } ], "id": "CVE-2006-3472", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-10T20:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30822" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18820" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-20 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://websecurity.com.ua/4206/ | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/511327/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/4206/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/511327/100/0/threaded |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0.7600.16385 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements." }, { "lang": "es", "value": "Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicaci\u00f3n mail en situaciones d\u00f3nde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (lanzamiento de demasiadas aplicaciones) a trav\u00e9s de un documento HTML con varios elementos IFRAME" } ], "id": "CVE-2010-1991", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-20T17:30:01.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4206/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4206/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://marc.info/?l=full-disclosure&m=113450519906463&w=2 | ||
secure@microsoft.com | http://secunia.com/advisories/15368 | Vendor Advisory | |
secure@microsoft.com | http://secunia.com/advisories/18064 | Vendor Advisory | |
secure@microsoft.com | http://secunia.com/advisories/18311 | Vendor Advisory | |
secure@microsoft.com | http://secunia.com/secunia_research/2005-21/advisory | Patch, Vendor Advisory | |
secure@microsoft.com | http://secunia.com/secunia_research/2005-7/advisory/ | Patch, Vendor Advisory | |
secure@microsoft.com | http://securityreason.com/securityalert/254 | ||
secure@microsoft.com | http://securitytracker.com/id?1015349 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/419395/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/15823 | Patch | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2867 | Vendor Advisory | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2005/2909 | Vendor Advisory | |
secure@microsoft.com | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/23448 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=113450519906463&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15368 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18064 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18311 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2005-21/advisory | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2005-7/advisory/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/254 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015349 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/419395/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15823 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2867 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2909 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23448 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\"" }, { "lang": "es", "value": "M\u00faltiples errores de dise\u00f1o en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualizaci\u00f3n del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el bot\u00f3n \"Ejecutar\", tcc \"Vulnerabilidad de Manipulaci\u00f3n de Cuadro de Descarga de Fichero\".\r\n" } ], "id": "CVE-2005-2829", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-12-14T11:03:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/15368" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18064" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18311" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-21/advisory" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-7/advisory/" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/254" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015349" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15823" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/15368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-21/advisory" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-7/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110053968530613&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/13208 | Patch | |
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/11680 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110053968530613&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13208 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11680 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions." } ], "id": "CVE-2004-1527", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/13208" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11680" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/13208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2007/Feb/0081.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/411585 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/459172/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/459172/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/14969 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2007/Feb/0081.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/411585 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/459172/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/459172/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14969 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
canon | network_camera_server_vb101 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*", "matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*", "matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*", "matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*", "matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*", "matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*", "matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks." } ], "id": "CVE-2005-4827", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/411585" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/411585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14969" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.iss.net/security_center/static/8851.php | ||
cve@mitre.org | http://www.osvdb.org/5356 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/251805 | ||
cve@mitre.org | http://www.securityfocus.com/bid/3935 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7969 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/8851.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/5356 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/251805 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3935 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7969 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*", "matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac_os:*:*:*:*:*", "matchCriteriaId": "B1C0170E-9574-4C90-94F3-F2C2851E2917", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*", "matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "D4A15873-B3D2-4017-99CF-E3625FD227F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*", "matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "D3F350E9-3677-43B3-984F-DA39397D6885", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 5.1 para Macintosh permite a atacantes remotos evadir comprobaciones de seguridad e invocar AppleScripts locales dentro de un elemento HTML espec\u00edfico. Tambien conocido como vulnerabilidad de \"Invocaci\u00f3n local de AppleScript\"" } ], "id": "CVE-2002-0153", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-04-22T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8851.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5356" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/251805" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3935" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8851.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/251805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-06 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://polyboy.net/xss/dnsslurp.html | Exploit, URL Repurposed | |
cve@mitre.org | http://shampoo.antville.org/stories/1451301/ | ||
cve@mitre.org | http://www.osvdb.org/31329 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443209/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://polyboy.net/xss/dnsslurp.html | Exploit, URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | http://shampoo.antville.org/stories/1451301/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31329 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443209/100/200/threaded |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running." }, { "lang": "es", "value": "Internet Explorer 6 sobre Windows XP SP2 permite a un atacante remoto ejecutar c\u00f3digo JavaScript de su elecci\u00f3n en el contexto de una sesi\u00f3n del navegador con un servidor web intranet de su elecci\u00f3n, a trav\u00e9s de una secuencia de comandos de alojamiento de una web sobre un servidor web de Internet puede el atacante puede hacerlo inaccesibley tener un dominio bajo el control del atacante, lo cual puede forzar al navegador disminuir DNS que fija y realizar una nueva pregunta al DNS para el nombre de dominio despu\u00e9s de que la secuencia de comandos est\u00e9 ya funcionando." } ], "id": "CVE-2006-4560", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-06T00:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://polyboy.net/xss/dnsslurp.html" }, { "source": "cve@mitre.org", "url": "http://shampoo.antville.org/stories/1451301/" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/31329" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://polyboy.net/xss/dnsslurp.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://shampoo.antville.org/stories/1451301/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-15 15:07
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/450825/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/450825/100/0/threaded |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805." }, { "lang": "es", "value": "Microsoft Internet Explorer 7 permite a un atacante remoto a (1) provocar un certificado de seguridad desde un sitio web seguro aparece inv\u00e1lido a trav\u00e9s de un enlace a res://ieframe.dll/sslnavcancel.htm con \t\r\nel sitio objetivo en el identificador anchor, que exhibe el URL del sitio en la barra de direcci\u00f3n pero el Internet Explorer informa que el certificado es inv\u00e1lido, o (2) dispara \u201cla p\u00e1gina Web no existe\u201d a trav\u00e9s de un enlace a res://ieframe.dll/http_410.htm, una variante de CVE-2006-5805." } ], "id": "CVE-2006-5913", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-15T15:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106979479719446&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/413886 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2 | ||
cve@mitre.org | http://www.securitytracker.com/id?1006036 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-033A.html | US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13844 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106979479719446&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107038202225587&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/413886 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1006036 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-033A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13844 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el rat\u00f3n a otras ventanas usando cacheado de m\u00e9todos (SaveRef) para acceder al m\u00e9todo window.moveBy, que es de otra manera inaccesible, como se demostr\u00f3 por HijackClickV2." } ], "id": "CVE-2003-1027", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-01-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109770364504803&w=2 | ||
cve@mitre.org | http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/795720 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17654 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109770364504803&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/795720 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17654 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site." }, { "lang": "es", "value": "Internet Explorer 5.01, 5.5, y 6 no hace cach\u00e9 adecuadamente de contenido SSL, lo que permite a atacantes remotos obtener informaci\u00f3n o suplantar contenido mediante un sitio web con el mismo nombre de m\u00e1quina como el sitio web objetivo, cuyo contenido es almacenado en cach\u00e9 y reutilizado cuando el usuario visita el sitio web objetivo." } ], "id": "CVE-2004-0845", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/795720" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/795720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol." } ], "id": "CVE-1999-0989", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-06T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/861" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-06-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/187196 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/archive/1/348521 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9320 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/14105 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/187196 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348521 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9320 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-196A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/14105 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475." }, { "lang": "es", "value": "Internet Explorer 5.x y 6.0 permite a atacantes remotos ejecutar programas arbitrarios mediante una URL conteniendo secuencias \"..\" (punto punto) en un nombre de fichero terminado en \"::\" que es tratado como un fichero CHM aunque no tenga extensi\u00f3n .chm." } ], "id": "CVE-2003-1041", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-06-14T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/187196" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348521" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9320" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/187196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/24156 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/753924 | US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/31891 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/22486 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/0584 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24156 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/753924 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/31891 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22486 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-044A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0584 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193." }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de Imjpcksid.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados. NOTA: este asunto podr\u00eda estar relacionado con CVE-2006-4193." } ], "id": "CVE-2006-4697", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-13T22:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753924" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31891" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22486" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-28 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html | Exploit | |
cve@mitre.org | http://www.osvdb.org/27112 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19079 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2915 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27845 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27112 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19079 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2915 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27845 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference." }, { "lang": "es", "value": "Internet Explorer 6 sobre Windows XP SP2, cuando Outlook est\u00e1 instalado, permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de llamadas a la funci\u00f3n NewDefaultItem de un objeto OVCtl (OVCtl.OVCtl.1) ActiveXm lo cual dispara una dereferencia null." } ], "id": "CVE-2006-3910", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-28T00:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27112" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19079" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2915" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110253463305359&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/13404 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29346 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1012444 | ||
cve@mitre.org | http://www.osvdb.org/12299 | ||
cve@mitre.org | http://www.rapid7.com/advisories/R7-0032.jsp | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/489500/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/11826 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/28208 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0870 | Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110253463305359&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13404 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29346 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1012444 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/12299 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.rapid7.com/advisories/R7-0032.jsp | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489500/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11826 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28208 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0870 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." } ], "id": "CVE-2004-1166", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13404" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29346" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012444" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/12299" }, { "source": "cve@mitre.org", "url": "http://www.rapid7.com/advisories/R7-0032.jsp" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11826" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28208" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0870" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1012444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/12299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rapid7.com/advisories/R7-0032.jsp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-24 20:02
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html | ||
cve@mitre.org | http://jeffrey.vanderstad.net/grasshopper/ | ||
cve@mitre.org | http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed | ||
cve@mitre.org | http://secunia.com/advisories/19378 | ||
cve@mitre.org | http://securitytracker.com/id?1015800 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/434641 | US Government Resource | |
cve@mitre.org | http://www.osvdb.org/24095 | ||
cve@mitre.org | http://www.securityfocus.com/bid/17181 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/1318 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/25394 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jeffrey.vanderstad.net/grasshopper/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19378 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015800 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/434641 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/24095 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-101A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25394 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors." } ], "id": "CVE-2006-1388", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-24T20:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html" }, { "source": "cve@mitre.org", "url": "http://jeffrey.vanderstad.net/grasshopper/" }, { "source": "cve@mitre.org", "url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19378" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015800" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/434641" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24095" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17181" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jeffrey.vanderstad.net/grasshopper/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/434641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109760693512754&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=110616383332055&w=2 | ||
cve@mitre.org | http://marc.info/?l=ntbugtraq&m=110619893620517&w=2 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/637760 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.ngssoftware.com/advisories/msinsengfull.txt | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17620 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109760693512754&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110616383332055&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=ntbugtraq&m=110619893620517&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/637760 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ngssoftware.com/advisories/msinsengfull.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-293A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17620 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el Motor de Instalaci\u00f3n (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un sitio web maliciosos o correo electr\u00f3nico HTML." } ], "id": "CVE-2004-0216", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/637760" }, { "source": "cve@mitre.org", "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/637760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ngssoftware.com/advisories/msinsengfull.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-07 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/37636 | ||
cve@mitre.org | http://www.powerhacker.net/exploit/IE_NULL_CRASH.html | Exploit, URL Repurposed | |
cve@mitre.org | http://www.securityfocus.com/bid/22408 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/3272 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/37636 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.powerhacker.net/exploit/IE_NULL_CRASH.html | Exploit, URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22408 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/3272 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*", "matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0 SP1 en Windows 2000, y 6.0 SP2 en Windows XP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda de aplicaci\u00f3n) mediante un documento HTML conteniendo c\u00f3digo JavaScript concreto para un bucle, con cuerpo de bucle vac\u00edo, posiblemente involucrando la funci\u00f3n getElementById." } ], "id": "CVE-2007-0811", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-07T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37636" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22408" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3272" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-17 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/1402 | ||
cve@mitre.org | http://www.osvdb.org/29345 | ||
cve@mitre.org | http://www.osvdb.org/29346 | ||
cve@mitre.org | http://www.osvdb.org/29347 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443290/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443295/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443299/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19521 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/19529 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/19530 | Exploit | |
cve@mitre.org | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28436 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28438 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28439 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1402 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29345 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29346 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/29347 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443290/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443295/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443299/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19521 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19529 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19530 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28436 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28438 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28439 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files." }, { "lang": "es", "value": "Microsoft Internet Explorer 6.0 SP1 y posiblemente otras versiones permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanciando objetos COM como controles ActiveX, incluyendo (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), y (3) msoe.dll (Outlook), lo que lleva a una corrupci\u00f3n de memoria. NOTA: no est\u00e1 confirmado si este problema est\u00e1 en Internet Explorer o en los archivos DLL individuales." } ], "id": "CVE-2006-4193", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-17T01:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1402" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29345" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29346" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29347" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19521" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19529" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19530" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106322197932006&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/10192 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/413886 | US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/archive/1/337086 | ||
cve@mitre.org | http://www.securitytracker.com/id?1006036 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106322197932006&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/413886 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/337086 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1006036 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027." }, { "lang": "es", "value": "Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del rat\u00f3n a otras ventenas, mediante llamada al m\u00e9todo window.moveBy. Tambi\u00e9n se la conoce como vulnerabilidad HijackClick" } ], "id": "CVE-2003-0823", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-29 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html | ||
cve@mitre.org | http://securitytracker.com/id?1015720 | ||
cve@mitre.org | http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 | Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/22351 | ||
cve@mitre.org | http://www.securityfocus.com/bid/17713 | Exploit | |
cve@mitre.org | http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/1559 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26111 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015720 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/22351 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17713 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1559 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26111 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control." } ], "id": "CVE-2006-2094", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-04-29T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015720" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22351" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17713" }, { "source": "cve@mitre.org", "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1559" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-02-18 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability." } ], "id": "CVE-2000-0162", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-02-18T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=101897994314015&w=2 | ||
cve@mitre.org | http://www.iss.net/security_center/static/8850.php | ||
cve@mitre.org | http://www.osvdb.org/5357 | ||
cve@mitre.org | http://www.securityfocus.com/bid/4517 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101897994314015&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/8850.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/5357 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4517 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | entourage | 2001 | |
microsoft | entourage | v._x | |
microsoft | excel | 2001 | |
microsoft | excel | x | |
microsoft | ie | 5.1 | |
microsoft | office | 2001 | |
microsoft | office | 2001 | |
microsoft | office | v.x | |
microsoft | outlook_express | 5.0 | |
microsoft | outlook_express | 5.0.1 | |
microsoft | outlook_express | 5.0.2 | |
microsoft | outlook_express | 5.0.3 | |
microsoft | powerpoint | 98 | |
microsoft | powerpoint | 2001 | |
microsoft | powerpoint | v.x |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:entourage:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "CB669A95-12A3-4AD4-8949-F77117F22E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:entourage:v._x:*:macos:*:*:*:*:*", "matchCriteriaId": "35885642-BB7D-4DEF-A340-387E57FBBDB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:excel:2001:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "8BC60CAC-F011-42FA-A3D1-1EA5A2410EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:excel:x:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "DA71E158-6D0A-4BEF-8471-FE5C864E7073", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*", "matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "1C8FF0C2-39E8-4F73-958B-2BB195C5B559", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2001:sr1:mac_os:*:*:*:*:*", "matchCriteriaId": "68257FB3-3280-4299-A96B-613F60D797C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*", "matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.1:*:macos:*:*:*:*:*", "matchCriteriaId": "A47283EA-513A-4EDC-BADA-659AFA28EA38", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.2:*:macos:*:*:*:*:*", "matchCriteriaId": "EBA048BD-04A9-4BB9-9F3C-60FB1BE1D2BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.3:*:macos:*:*:*:*:*", "matchCriteriaId": "FB6349F9-6C93-48A1-92F6-18BF1D286DF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:powerpoint:98:*:macos:*:*:*:*:*", "matchCriteriaId": "41CB2081-C1DB-4DB6-87AC-E6A8BCABDB5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:powerpoint:2001:*:macos:*:*:*:*:*", "matchCriteriaId": "0602ABD8-0A65-47D5-9D04-6FD1A2F39B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:powerpoint:v.x:*:macos:*:*:*:*:*", "matchCriteriaId": "DA57624A-D658-42D9-A197-1C8A7ED6ACF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh." }, { "lang": "es", "value": "Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario invocando la directiva file:// con un n\u00famero grande de caracteres /. Afecta a Internet Explorer 5.1, Outlook Express 5.0 a 5.0.2, Entourage v. X y 2001, PowerPoint v.X, 2001 y 98, y Excel V.X y 2001 para Macintosh." } ], "id": "CVE-2002-0152", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-04-22T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8850.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5357" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4517" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8850.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-15 20:11
Modified
2025-04-03 01:03
Severity ?
Summary
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.microsoft.com/kb/908233/ | ||
cve@mitre.org | http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.microsoft.com/kb/908233/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE." }, { "lang": "es", "value": "mshtml.dll en Microsoft Windows XP, Server 2003, e Internet Explorer 6.0 SP1, permite a atacantes causar una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) causando que mshtml.dll procese eventos de foco de bot\u00f3n al mismo tiempo que un documento se est\u00e1 recargando, como se ha visto en Microsoft Office InfoPath 2003 haciendo clic repetidamente en el bot\u00f3n \"Borrar\" en una secci\u00f3n repetitiva en un formulario.\r\nNOTA: La operaci\u00f3n normal de InfoPath parece conllevar un usuario local sin l\u00edmites de privilegios, por lo que esto puede no ser una vulnerabilidad de Infopath. Si no existen escenarios realistas con este problema en otros productos, entonces quiz\u00e1s deber\u00eda ser exclido de CVE." } ], "id": "CVE-2005-4269", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-15T20:11:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/kb/908233/" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/kb/908233/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-14 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/26419 | Vendor Advisory | |
secure@microsoft.com | http://securitytracker.com/id?1018562 | ||
secure@microsoft.com | http://www.nsfocus.com/english/homepage/research/0701.htm | ||
secure@microsoft.com | http://www.osvdb.org/36397 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/25288 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA07-226A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2007/2869 | Vendor Advisory | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26419 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018562 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nsfocus.com/english/homepage/research/0701.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/36397 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-226A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2869 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers." }, { "lang": "es", "value": "Una vulnerabilidad no especificada en Internet Explorer versiones 5.01 y 6 SP1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de cadenas de Cascading Style Sheets (CSS) dise\u00f1adas que desencadenan una corrupci\u00f3n de memoria durante el an\u00e1lisis, relacionados con el uso de punteros fuera de l\u00edmites." } ], "id": "CVE-2007-0943", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-08-14T21:17:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26419" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1018562" }, { "source": "secure@microsoft.com", "url": "http://www.nsfocus.com/english/homepage/research/0701.htm" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/36397" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/25288" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2869" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nsfocus.com/english/homepage/research/0701.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/36397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-15 08:00
Modified
2025-04-09 00:30
Severity ?
Summary
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx | ||
secure@microsoft.com | http://osvdb.org/53619 | ||
secure@microsoft.com | http://secunia.com/advisories/34677 | ||
secure@microsoft.com | http://secunia.com/advisories/34678 | ||
secure@microsoft.com | http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | ||
secure@microsoft.com | http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 | ||
secure@microsoft.com | http://www.securityfocus.com/bid/34439 | ||
secure@microsoft.com | http://www.securitytracker.com/id?1022041 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2009/1027 | ||
secure@microsoft.com | http://www.vupen.com/english/advisories/2009/1028 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/53619 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34677 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34678 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34439 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022041 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-104A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1027 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1028 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | gold | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 6 | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7 | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | * | |
microsoft | windows_vista | gold | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*", "matchCriteriaId": "1D12423F-FCCD-4F4C-9037-7607C1F1F99E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*", "matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*", "matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*", "matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*", "matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:32_bit:*:*:*:*:*", "matchCriteriaId": "C4BFF042-5C0B-482A-915B-3B9A267D2D96", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*", "matchCriteriaId": "1D12423F-FCCD-4F4C-9037-7607C1F1F99E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\"" }, { "lang": "es", "value": "Windows HTTP Services (tambi\u00e9n conocido como WinHTTP) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008; y WinINet en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 y 7 en Windows XP SP2 y SP3, 6 y 7 en Windows Server 2003 SP1 y SP2, 7 en Windows Vista Gold y SP1, y 7 en Windows Server 2008; permite a servidores web remotos capturar y reproducir credenciales NTLM, y ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores relacionados con la falta de \"protecciones credencial-reflexi\u00f3n\" paso opt-in, tambi\u00e9n conocido como \"Vulnerabilidad de Reflexi\u00f3n de Credencial en Servicios HTTP de Windows\" y \"Vulnerablidad de Reflexi\u00f3n de Credencial WinINet\"." } ], "id": "CVE-2009-0550", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-15T08:00:00.593", "references": [ { "source": "secure@microsoft.com", "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" }, { "source": "secure@microsoft.com", "url": "http://osvdb.org/53619" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/34677" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/34678" }, { "source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" }, { "source": "secure@microsoft.com", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/34439" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1022041" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2009/1027" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-12 23:07
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://research.eeye.com/html/advisories/published/AD20060912.html | ||
secure@microsoft.com | http://securityreason.com/securityalert/1555 | ||
secure@microsoft.com | http://securitytracker.com/id?1016839 | ||
secure@microsoft.com | http://weblog.infoworld.com/techwatch/archives/007870.html | Patch, URL Repurposed | |
secure@microsoft.com | http://www.osvdb.org/30834 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/445835/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19987 | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://research.eeye.com/html/advisories/published/AD20060912.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1555 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016839 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://weblog.infoworld.com/techwatch/archives/007870.html | Patch, URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/30834 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/445835/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19987 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | 64-bit | |
microsoft | windows_2003_server | itanium | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parche MS06-042 anterior a 12/09/2006, permite a un atacante remoto provocar denegaci\u00f3n de servicio(caida) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una URL grande en un sitio web GZIP-codificado que fue el objetivo de una redirecci\u00f3n HTTP, debido a un arreglo incompleto del CVE-2006-3869." } ], "id": "CVE-2006-3873", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-12T23:07:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/1555" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016839" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "URL Repurposed" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/30834" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19987" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "URL Repurposed" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-26 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lcamtuf.coredump.cx/ietrap | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html | ||
cve@mitre.org | http://secunia.com/advisories/23014 | Patch | |
cve@mitre.org | http://securityreason.com/securityalert/2291 | ||
cve@mitre.org | http://securitytracker.com/id?1018788 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/461023/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/461027/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482366/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482366/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/22680 | ||
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-282A.html | US Government Resource | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0713 | ||
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32647 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32649 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/ietrap | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23014 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018788 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461023/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461027/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482366/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482366/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22680 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-282A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0713 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32647 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32649 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers." }, { "lang": "es", "value": "Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload." } ], "id": "CVE-2007-1091", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-26T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/ietrap" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/23014" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2291" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018788" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22680" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lcamtuf.coredump.cx/ietrap" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/23014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securitytracker.com/id?1013126 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/823971 | Patch, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/12427 | Exploit, Patch | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013126 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/823971 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12427 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA05-039A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\"" } ], "id": "CVE-2005-0056", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013126" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/823971" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/12427" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/823971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/12427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/13251/ | ||
cve@mitre.org | http://secunia.com/advisories/22628 | ||
cve@mitre.org | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | Vendor Advisory | |
cve@mitre.org | http://secunia.com/secunia_research/2004-13/advisory/ | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449917/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/11855 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13251/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22628 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2004-13/advisory/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449917/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11855 | Exploit, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*", "matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable." } ], "id": "CVE-2004-1155", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13251/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22628" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13251/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11855" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://secunia.com/advisories/21396 | Vendor Advisory | |
secure@microsoft.com | http://securityreason.com/securityalert/1343 | ||
secure@microsoft.com | http://securitytracker.com/id?1016663 | ||
secure@microsoft.com | http://www.kb.cert.org/vuls/id/262004 | Patch, US Government Resource | |
secure@microsoft.com | http://www.osvdb.org/27854 | ||
secure@microsoft.com | http://www.securityfocus.com/archive/1/442578/100/0/threaded | ||
secure@microsoft.com | http://www.securityfocus.com/bid/19316 | ||
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
secure@microsoft.com | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
secure@microsoft.com | http://www.zerodayinitiative.com/advisories/ZDI-06-026.html | ||
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21396 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1343 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016663 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/262004 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27854 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/442578/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19316 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-220A.html | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3212 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-06-026.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando \"se utilizan m\u00faltiples importaciones en una colecci\u00f3n de hojas de estilo\" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2006-3451", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-08T23:04:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/1343" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/262004" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/27854" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19316" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/262004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.osvdb.org/7887 | ||
cve@mitre.org | http://www.securityfocus.com/bid/8565 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7887 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8565 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page." }, { "lang": "es", "value": "Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas \"object\" devueltas por un servidor Web durante un una asociaci\u00f3n de datos XML, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un correo electr\u00f3nico HTML o una p\u00e1gina web." } ], "id": "CVE-2003-0809", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-11-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7887" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8565" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }