Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-4692 | 5.1 |
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slas
|
13-02-2024 - 17:50 | 10-10-2006 - 22:07 | |
CVE-2007-1751 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corrupti
|
28-02-2022 - 16:50 | 12-06-2007 - 19:30 | |
CVE-2007-5347 | 6.8 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-5344 | 6.8 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3892 | 7.5 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2007-3903 | 6.8 |
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3902 | 9.3 |
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property o
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3893 | 6.8 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2006-2766 | 2.6 |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via
|
23-07-2021 - 15:06 | 02-06-2006 - 10:18 | |
CVE-2007-2222 | 9.3 |
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object tha
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-3027 | 9.3 |
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation V
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-2221 | 9.3 |
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 o
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2006-4697 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
|
23-07-2021 - 15:05 | 13-02-2007 - 22:28 | |
CVE-2007-0946 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the fir
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-0945 | 9.3 |
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corrupt
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-0218 | 9.3 |
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-1750 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-0219 | 10.0 |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue th
|
23-07-2021 - 15:05 | 13-02-2007 - 23:28 | |
CVE-2007-0024 | 9.3 |
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted
|
23-07-2021 - 15:05 | 09-01-2007 - 23:28 | |
CVE-2007-0947 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-0942 | 9.3 |
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls,
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-3041 | 9.3 |
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "Active
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2007-3826 | 9.3 |
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, bu
|
23-07-2021 - 15:04 | 17-07-2007 - 21:30 | |
CVE-2007-2216 | 9.3 |
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a cr
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2007-1749 | 9.3 |
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer siz
|
23-07-2021 - 15:04 | 14-08-2007 - 22:17 | |
CVE-2006-3450 | 7.5 |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain
|
23-07-2021 - 12:55 | 08-08-2006 - 23:04 | |
CVE-2006-3281 | 5.1 |
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and w
|
23-07-2021 - 12:55 | 28-06-2006 - 22:05 | |
CVE-2006-3730 | 9.3 |
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which
|
23-07-2021 - 12:55 | 21-07-2006 - 14:03 | |
CVE-2006-4868 | 9.3 |
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Marku
|
23-07-2021 - 12:55 | 19-09-2006 - 19:07 | |
CVE-2006-3280 | 7.5 |
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies
|
23-07-2021 - 12:55 | 28-06-2006 - 22:05 | |
CVE-2006-3357 | 7.5 |
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field
|
23-07-2021 - 12:55 | 06-07-2006 - 20:05 | |
CVE-2006-3638 | 7.5 |
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the
|
23-07-2021 - 12:55 | 08-08-2006 - 23:04 | |
CVE-2007-1091 | 6.8 |
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
|
23-07-2021 - 12:55 | 26-02-2007 - 11:28 | |
CVE-2004-1166 | 7.5 |
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the com
|
23-07-2021 - 12:55 | 31-12-2004 - 05:00 | |
CVE-2007-0217 | 10.0 |
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, wh
|
23-07-2021 - 12:55 | 13-02-2007 - 22:28 | |
CVE-2006-3637 | 5.1 |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML R
|
23-07-2021 - 12:19 | 08-08-2006 - 23:04 | |
CVE-2006-4687 | 5.1 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulner
|
23-07-2021 - 12:19 | 14-11-2006 - 21:07 | |
CVE-2007-0944 | 9.3 |
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute
|
23-07-2021 - 12:19 | 08-05-2007 - 23:19 | |
CVE-2009-0550 | 9.3 |
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
|
23-07-2021 - 12:19 | 15-04-2009 - 08:00 | |
CVE-2006-3639 | 7.5 |
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted
|
23-07-2021 - 12:18 | 09-08-2006 - 00:04 | |
CVE-2006-3640 | 5.0 |
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Dis
|
23-07-2021 - 12:18 | 09-08-2006 - 00:04 | |
CVE-2006-5581 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script F
|
23-07-2021 - 12:16 | 12-12-2006 - 20:28 | |
CVE-2006-5579 | 9.3 |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerabi
|
23-07-2021 - 12:16 | 12-12-2006 - 20:28 | |
CVE-2006-0026 | 6.5 |
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
|
23-11-2020 - 19:49 | 11-07-2006 - 22:05 | |
CVE-2006-6696 | 6.9 |
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Serv
|
30-04-2019 - 14:27 | 22-12-2006 - 02:28 | |
CVE-2006-3443 | 7.2 |
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulner
|
30-04-2019 - 14:27 | 09-08-2006 - 01:04 | |
CVE-2006-0032 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, w
|
30-04-2019 - 14:27 | 12-09-2006 - 23:07 | |
CVE-2007-3034 | 9.3 |
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length va
|
26-02-2019 - 14:04 | 14-08-2007 - 21:17 | |
CVE-2009-0086 | 10.0 |
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2009-0089 | 5.8 |
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a differe
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2009-0084 | 9.3 |
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2004-0790 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
CVE-2007-0064 | 9.3 |
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a c
|
30-10-2018 - 16:25 | 12-12-2007 - 00:46 | |
CVE-2005-0688 | 5.0 |
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence o
|
19-10-2018 - 15:31 | 05-03-2005 - 05:00 | |
CVE-2004-0230 | 5.0 |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
|
19-10-2018 - 15:30 | 18-08-2004 - 04:00 | |
CVE-2006-3445 | 7.5 |
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which resu
|
18-10-2018 - 16:47 | 14-11-2006 - 21:07 | |
CVE-2006-3448 | 9.3 |
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl
|
18-10-2018 - 16:47 | 13-02-2007 - 20:28 | |
CVE-2006-3451 | 7.5 |
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via uns
|
18-10-2018 - 16:47 | 08-08-2006 - 23:04 | |
CVE-2006-3311 | 5.1 |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
|
18-10-2018 - 16:46 | 12-09-2006 - 23:07 | |
CVE-2006-3086 | 9.3 |
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as
|
18-10-2018 - 16:45 | 19-06-2006 - 19:02 | |
CVE-2006-2372 | 10.0 |
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
|
18-10-2018 - 16:39 | 11-07-2006 - 21:05 | |
CVE-2006-2386 | 6.8 |
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. If a end user is logged on with administrative user rights, an a
|
18-10-2018 - 16:39 | 13-12-2006 - 01:28 | |
CVE-2006-2111 | 4.3 |
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cr
|
18-10-2018 - 16:38 | 01-05-2006 - 19:06 | |
CVE-2006-1315 | 5.0 |
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are
|
18-10-2018 - 16:32 | 11-07-2006 - 21:05 | |
CVE-2006-1314 | 7.5 |
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages th
|
18-10-2018 - 16:32 | 11-07-2006 - 21:05 | |
CVE-2006-6797 | 6.6 |
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a differe
|
17-10-2018 - 21:49 | 28-12-2006 - 15:28 | |
CVE-2006-5583 | 10.0 |
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerabilit
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-5577 | 4.3 |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure V
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-5578 | 2.6 |
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulne
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-4777 | 7.6 |
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary cod
|
17-10-2018 - 21:39 | 14-09-2006 - 00:07 | |
CVE-2006-4696 | 9.0 |
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
|
17-10-2018 - 21:39 | 10-10-2006 - 22:07 | |
CVE-2006-4446 | 5.0 |
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first
|
17-10-2018 - 21:37 | 30-08-2006 - 01:04 | |
CVE-2006-3942 | 7.8 |
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, w
|
17-10-2018 - 21:32 | 31-07-2006 - 23:04 | |
CVE-2007-2225 | 4.3 |
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer
|
16-10-2018 - 16:42 | 12-06-2007 - 20:30 | |
CVE-2007-2224 | 9.3 |
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextN
|
16-10-2018 - 16:42 | 14-08-2007 - 21:17 | |
CVE-2007-2219 | 9.3 |
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
|
16-10-2018 - 16:42 | 12-06-2007 - 20:30 | |
CVE-2007-2228 | 7.8 |
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of serv
|
16-10-2018 - 16:42 | 09-10-2007 - 22:17 | |
CVE-2007-2218 | 9.3 |
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that a
|
16-10-2018 - 16:42 | 12-06-2007 - 19:30 | |
CVE-2007-2227 | 4.3 |
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domai
|
16-10-2018 - 16:42 | 12-06-2007 - 21:30 | |
CVE-2007-1205 | 9.3 |
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-1204 | 6.8 |
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger mem
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-3895 | 9.3 |
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
|
15-10-2018 - 21:31 | 12-12-2007 - 00:46 | |
CVE-2007-0214 | 9.3 |
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0211 | 7.2 |
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0025 | 9.3 |
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0026 | 7.6 |
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2006-4640 | 6.8 |
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
|
12-10-2018 - 21:41 | 12-09-2006 - 23:07 | |
CVE-2006-3440 | 10.0 |
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-3438 | 9.3 |
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file contain
|
12-10-2018 - 21:40 | 09-08-2006 - 00:04 | |
CVE-2006-3587 | 5.1 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2006-3648 | 7.6 |
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-3014 | 5.1 |
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens
|
12-10-2018 - 21:40 | 22-06-2006 - 00:06 | |
CVE-2006-3441 | 10.0 |
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue,
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-3588 | 2.6 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2006-3439 | 10.0 |
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-1311 | 9.3 |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute ar
|
12-10-2018 - 21:39 | 13-02-2007 - 20:28 |