Vulnerabilites related to microsoft - ie
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un caracter \"/\" (barra inclinada) en la propiedad Type de un tag Object en una p\u00e1gina web." } ], "id": "CVE-2003-0344", "lastModified": "2024-11-20T23:44:31.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-06-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8943" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/679556" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/679556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
avaya | ip600_media_servers | * | |
microsoft | ie | 6.0 | |
avaya | definity_one_media_server | * | |
avaya | s8100 | * | |
avaya | modular_messaging_message_storage_server | s3400 | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "matchCriteriaId": "CA7BA525-6DB8-4444-934A-932AFED69816", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." }, { "lang": "es", "value": "Vulnerabilidad basada en la pila en el Programador de Tareas de Windows 2000 y XP, e Internet Explorer 6 en Windows NT 4.0 permite a atacantes remotos o locales ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .job conteniendo par\u00e1metros grandes, como se ha demostrado utlizando Internet Explorer y accediendo a un fichero .job en una carpeta de red compartida an\u00f3nimamente." } ], "id": "CVE-2004-0212", "lastModified": "2024-11-20T23:48:00.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12060" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "source": "cve@mitre.org", "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-20 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window." }, { "lang": "es", "value": "MS Internet Explorer para Unix 5.0SP1 permite a usuarios locales forzar una denegraci\u00f3n de servicio (crash) tanto en CDE como en servidor X de Solaris 2.6 a trav\u00e9s de maximizar la ventana o mostrar r\u00e1pidamente caracteres chinos." } ], "id": "CVE-2001-1218", "lastModified": "2024-11-20T23:37:10.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/246611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3729" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-03 21:30
Modified
2024-11-21 00:33
Severity ?
Summary
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated" }, { "lang": "es", "value": "** EN DISPUTA ** Microsoft Internet Explorer versi\u00f3n 6.0 y versi\u00f3n 7.0 permite a atacantes remotos rellenar Zonas con dominios de su elecci\u00f3n utilizando determinados metacaracteres tales como comodines mediante JavaScript, lo cual resulta en una denegaci\u00f3n de servicio (supresi\u00f3n de sitios web y agotamiento de recursos), tambi\u00e9n conocida como \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTA: esta cuesti\u00f3n ha sido discutida por una tercera parte, la cual establece que la configuraci\u00f3n de la zona no puede ser manipulada." } ], "id": "CVE-2007-3550", "lastModified": "2024-11-21T00:33:30.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-03T21:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/45814" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2855" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473662" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/24744" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/24744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:frontpage:97:*:*:*:*:*:*:*", "matchCriteriaId": "74459B0D-BF34-4F46-BE89-7D720EA520EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:frontpage:98:*:*:*:*:*:*:*", "matchCriteriaId": "A5F2F998-5866-4DA7-88CF-7987E971947E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values." } ], "id": "CVE-2004-2179", "lastModified": "2024-11-20T23:52:41.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/378619" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/378431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/378619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11412" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." } ], "id": "CVE-2000-1061", "lastModified": "2024-11-20T23:33:55.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-02-19 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de d\u00ed\u00e1logo. Tambi\u00e9n conocida como \"Validac\u00edon de Seguridad Entre Dominios inapropiada con cuadro de di\u00e1logo\"." } ], "id": "CVE-2003-1326", "lastModified": "2024-11-20T23:46:52.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-02-19T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6779" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-038.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11258.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-03 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 9 | |
microsoft | internet_explorer | * | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*", "matchCriteriaId": "4594B15E-22ED-4DDE-B35A-2CF8F4629729", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FF2A1DF-843B-4276-AC4E-EF6BC3CACCA9", "versionEndIncluding": "9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release." }, { "lang": "es", "value": "Microsoft Internet Explorer versi\u00f3n 9 y anteriores, no restringen apropiadamente las acciones de arrastrar y soltar en zona cruzada, lo que permite a los atacantes remotos asistidos por el usuario leer archivos de cookies por medio de vectores que involucran un elemento IFRAME con un atributo SRC que contiene una URL http: que redirecciona hacia URL file:, como es demostrado por un juego de Facebook, relacionado con un problema de \"cookiejacking\", tambi\u00e9n se conoce como \"Drag and Drop Information Disclosure Vulnerability\". NOTA: esta vulnerabilidad se presenta debido a una correcci\u00f3n incompleta en la versi\u00f3n 9 de Internet Explorer." } ], "id": "CVE-2011-2383", "lastModified": "2024-11-21T01:28:10.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-03T17:55:00.840", "references": [ { "source": "cve@mitre.org", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "cve@mitre.org", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "cve@mitre.org", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "cve@mitre.org", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "cve@mitre.org", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "cve@mitre.org", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "cve@mitre.org", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "source": "cve@mitre.org", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.networkworld.com/community/node/74259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2024-11-21 00:14
Severity ?
Summary
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy." }, { "lang": "es", "value": "Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s deun argumento 0x7fffffff en el m\u00e9todo setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dar\u00e1 lugar a una copia de memoria no v\u00e1lida." } ], "id": "CVE-2006-3730", "lastModified": "2024-11-21T00:14:17.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "source": "cve@mitre.org", "url": "http://riosec.com/msie-setslice-vuln" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22159" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016941" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27110" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19030" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.php?storyid=1742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://riosec.com/msie-setslice-vuln" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/753044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2440" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2024-11-21 00:37
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.x | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.2.3 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un sitio web dise\u00f1ado usando Javascript que crea, modifica, elimina y accede a objetos de documento utilizando la propiedad tags, que desencadena una corrupci\u00f3n de pila, relacionada con objetos no inicializados o eliminados, un problema diferente de CVE-2007-3902 y CVE-2007-3903, y una variante de \"Uninitialized Memory Corruption Vulnerability\"." } ], "id": "CVE-2007-5344", "lastModified": "2024-11-21T00:37:41.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-12T00:46:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1019078" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26817" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/4184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-26 17:07
Modified
2024-11-21 00:19
Severity ?
Summary
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL." }, { "lang": "es", "value": "Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaking (%A0), y que causa que la barra de direcciones omita algunos caracteres de la URL." } ], "id": "CVE-2006-5544", "lastModified": "2024-11-21T00:19:40.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-26T17:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/22542" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017122" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30022" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20728" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/22542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/347188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-10 21:00
Modified
2024-11-21 01:04
Severity ?
Summary
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0b | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0.5730 | |
microsoft | internet_explorer | 7.0.5730.11 | |
microsoft | internet_explorer | 7.00.5730.1100 | |
microsoft | internet_explorer | 7.00.6000.16386 | |
microsoft | internet_explorer | 7.00.6000.16441 | |
microsoft | internet_explorer | 8.0.6001 | |
microsoft | internet_explorer | 8.0.6001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*", "matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo AddFavorite en Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente tiene otro impacto no especificado a trav\u00e9s de una URL larga en el primer argumento." } ], "id": "CVE-2009-2433", "lastModified": "2024-11-21T01:04:51.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-10T21:00:00.313", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9100" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35620" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-20 17:30
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0.7600.16385 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements." }, { "lang": "es", "value": "Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicaci\u00f3n mail en situaciones d\u00f3nde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (lanzamiento de demasiadas aplicaciones) a trav\u00e9s de un documento HTML con varios elementos IFRAME" } ], "id": "CVE-2010-1991", "lastModified": "2024-11-21T01:15:39.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-20T17:30:01.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4206/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4206/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-26 11:28
Modified
2024-11-21 00:27
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers." }, { "lang": "es", "value": "Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload." } ], "id": "CVE-2007-1091", "lastModified": "2024-11-21T00:27:29.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-26T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/ietrap" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/23014" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2291" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018788" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22680" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lcamtuf.coredump.cx/ietrap" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/23014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087." } ], "id": "CVE-2005-1990", "lastModified": "2024-11-20T23:58:33.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-08-10T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1014643" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/14511" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16373/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg." }, { "lang": "es", "value": "El descodificador de JPEG en Microsoft Internet Explorer permite que atacantes remotos causen una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda) y posiblemente ejecuten c\u00f3digo arbitrario mediante im\u00e1genes JPEG ama\u00f1adas. Queda demostrado usando (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, o (4) random.jpg." } ], "id": "CVE-2005-2308", "lastModified": "2024-11-20T23:59:16.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/405298" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14284" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14285" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lcamtuf.coredump.cx/crash" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/405298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14286" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante eventos de arrastrar y soltar, tambi\u00e9n conocidos como \"Vulnerabilidad de arrastrar y soltar\"." } ], "id": "CVE-2005-0053", "lastModified": "2024-11-20T23:54:18.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11466" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/698835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el m\u00e9todo createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el m\u00e9todo createRange y usando el di\u00e1logo FIND para seleccionar texto, como se demuestra usando Findeath. Tambi\u00e9n se la conoce como vulnerabilidad \"\"Function Pointer Override Cross Domain\"\"." } ], "id": "CVE-2003-0815", "lastModified": "2024-11-20T23:45:34.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007687" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7888" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7889" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9014" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/o-021.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." }, { "lang": "es", "value": "Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML." } ], "id": "CVE-2003-0817", "lastModified": "2024-11-20T23:45:35.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9012" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference." }, { "lang": "es", "value": "Internet Explorer 6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante Javascritp que crea una ventana emergente y desactiva la funcionalidad imagetoolbar con una etiqueta META, lo que dispara una desreferencia nula." } ], "id": "CVE-2004-0479", "lastModified": "2024-11-20T23:48:40.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2024-11-21 00:16
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | 2000_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | advanced_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | datacenter_server | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional | |
microsoft | windows_2003_server | professional |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:*:*:*:*:*:*:*", "matchCriteriaId": "553C7040-9ECE-49E6-BDCC-0332245A7A1A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "FA294E0D-311B-40E8-8466-63FBDD8FCB40", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "EB69D534-6038-4547-B7E2-5FA840C59854", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "0A35703F-52A0-4D81-8807-4DDA0525A221", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "5A9437E8-5174-443D-8B63-ECDBFC5210F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:*:*:*:*:*:*:*", "matchCriteriaId": "2D2E683F-73A6-4A6E-8397-33723DD7D2A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "69D0C8BE-7D47-4D00-97E0-B6DC592869E3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "DDE05474-2770-41D5-837D-F3C82339117C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "C47A03EA-E084-4B88-8773-D1983A1D7461", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "F1D1B206-AF93-4FF2-BF5A-E4200461F3B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:*:*:*:*:*:*:*", "matchCriteriaId": "E1C0007B-BA9C-4F09-87EF-6FF1467EB0F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp1:*:*:*:*:*:*", "matchCriteriaId": "674BF239-9A20-4DE0-AE16-35AFA53F02A9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp2:*:*:*:*:*:*", "matchCriteriaId": "85F8C7B3-E5F8-4A48-A5E7-D8E9326B6D23", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp3:*:*:*:*:*:*", "matchCriteriaId": "D340FE0B-4A20-4DF6-B4D2-C2E61EC2802E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp4:*:*:*:*:*:*", "matchCriteriaId": "29DAB69E-096D-44BB-9B21-DD95CE9DFB3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:*:*:*:*:*:*:*", "matchCriteriaId": "810F8F74-4E89-409D-9D40-318B3590EC1A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp1:*:*:*:*:*:*", "matchCriteriaId": "842FBB47-E16D-452E-A3C7-FEAD9977F017", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp2:*:*:*:*:*:*", "matchCriteriaId": "B94E5DAA-0970-460D-94A9-5C407E34C4C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*", "matchCriteriaId": "F8F07665-1C59-438C-AFF8-58C76681CB6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp4:*:*:*:*:*:*", "matchCriteriaId": "E14908DD-3C61-4F33-BCB4-6C2E57C87DA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll." }, { "lang": "es", "value": "Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, y (4) creator.dll." } ], "id": "CVE-2006-4495", "lastModified": "2024-11-21T00:16:05.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-31T22:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1474" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19636" }, { "source": "cve@mitre.org", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions." } ], "id": "CVE-2004-1527", "lastModified": "2024-11-20T23:51:06.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/13208" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11680" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/13208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-02 10:18
Modified
2024-11-21 00:12
Severity ?
Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file." } ], "id": "CVE-2006-2766", "lastModified": "2024-11-21T00:12:01.557", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-02T10:18:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20384" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016654" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25949" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18198" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/891204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability." }, { "lang": "es", "value": "Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el \"\"href\"\" al Javascript malicioso y a continuaci\u00f3n llamando al comando execCommand(\"\"Refresh\"\"). Tambi\u00e9n se la conoce como vulnerabilidad \"\"ExecCommand Cross Domain\"\" o BodyRefreshLoadsJPU ." } ], "id": "CVE-2003-0814", "lastModified": "2024-11-20T23:45:34.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007687" }, { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "source": "cve@mitre.org", "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/326412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | konqueror | 2.1.1 | |
kde | konqueror | 2.1.2 | |
kde | konqueror | 2.2.1 | |
kde | konqueror | 2.2.2 | |
kde | konqueror | 3.0 | |
kde | konqueror | 3.0.1 | |
kde | konqueror | 3.0.2 | |
kde | konqueror | 3.0.3 | |
kde | konqueror | 3.0.5 | |
kde | konqueror | 3.0.5b | |
kde | konqueror | 3.1 | |
kde | konqueror | 3.1.1 | |
kde | konqueror | 3.1.2 | |
kde | konqueror | 3.1.3 | |
kde | konqueror | 3.1.4 | |
kde | konqueror | 3.1.5 | |
kde | konqueror | 3.2.1 | |
kde | konqueror | 3.2.3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
mozilla | firefox | 0.9.2 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*", "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected." }, { "lang": "es", "value": "Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como .ltd.uk, .plc.uk, y .sch.uk, lo que podr\u00eda permitir a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versi\u00f3n 2.X tambi\u00e9n se encuentra afectada por esta vulnerabilidad." } ], "id": "CVE-2004-0867", "lastModified": "2024-11-20T23:49:34.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12580/" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011331" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12580/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks." } ], "id": "CVE-2005-0500", "lastModified": "2024-11-20T23:55:16.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14335" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12602" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-02 21:18
Modified
2024-11-21 00:24
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7 | |
microsoft | ie | 7.0 | |
microsoft | ie | 7.0 | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 6.0 | |
microsoft | internet_explorer | 6.0.2600 | |
microsoft | internet_explorer | 6.0.2800 | |
microsoft | internet_explorer | 6.0.2800.1106 | |
microsoft | internet_explorer | 6.0.2900 | |
microsoft | internet_explorer | 6.0.2900.2180 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
microsoft | internet_explorer | 7.0 | |
canon | network_camera_server_vb101 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*", "matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*", "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*", "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*", "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*", "matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*", "matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*", "matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*", "matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*", "matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "5B5F31E2-2060-45BC-9724-A447544905E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "73C3794B-E4B8-4AFB-9025-EDC5A2F44586", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference." }, { "lang": "es", "value": "Microsoft Internet Explorer permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula." } ], "id": "CVE-2006-7065", "lastModified": "2024-11-21T00:24:18.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-02T21:18:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/19364" }, { "source": "cve@mitre.org", "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/19364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera." } ], "id": "CVE-2003-0113", "lastModified": "2024-11-20T23:43:59.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-05-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/169753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-17 10:19
Modified
2024-11-21 00:28
Severity ?
Summary
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_vista | * | |
microsoft | ie | 7.0 | |
microsoft | windows_xp | * | |
microsoft | ie | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer versi\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \"Navigation Canceled\" e inyecta el script hacia el enlace \"Refresh the page\", tambi\u00e9n se conoce como \"Navigation Cancel Page Spoofing Vulnerability.\"" } ], "id": "CVE-2007-1499", "lastModified": "2024-11-21T00:28:27.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-17T10:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "source": "cve@mitre.org", "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35352" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24535" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25627" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2448" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018235" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22966" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.com.com/2100-1002_3-6167410.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion." } ], "id": "CVE-2002-1714", "lastModified": "2024-11-20T23:41:56.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/268776" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4564" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/268776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-05 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*", "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*", "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities." } ], "id": "CVE-2000-0518", "lastModified": "2024-11-20T23:32:41.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2000-06-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2000-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar." } ], "id": "CVE-2005-4717", "lastModified": "2024-11-21T00:05:00.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15268" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\"" }, { "lang": "es", "value": "Internet Explorer 5.5 y 6 no manejan adecuadamente la navegaci\u00f3n con complementos (plug-in), lo que permite a atacantes remotos alterar la barra de navegaci\u00f3n mostrada y suplantar p\u00e1ginas web, facilitando ataques de \"phising\", tambi\u00e9n conocida como \"Vulnerabilidad de suplantaci\u00f3n de la barra de direcci\u00f3nes en navegaci\u00f3n en complemento\"." } ], "id": "CVE-2004-0843", "lastModified": "2024-11-20T23:49:32.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/625616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" } ], "id": "CVE-2004-0869", "lastModified": "2024-11-20T23:49:34.857", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://securityfocus.com/archive/1/375407" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011332" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securityfocus.com/archive/1/375407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2024-11-21 00:11
Severity ?
Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*", "matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*", "matchCriteriaId": "E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "3F633513-6E9A-4F2D-964A-6AFDE5307AD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "4ED8947F-2490-41CA-A7B3-2C93D69C3F8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*", "matchCriteriaId": "E6E3EB90-92C9-4B69-B58C-087D382DC579", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "F3AF27C8-C2FA-477D-8332-B96277530B4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "4E9E190B-A109-4177-A5B5-7BD32573762E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*", "matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*", "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*", "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption." } ], "id": "CVE-2006-2378", "lastModified": "2024-11-21T00:11:11.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-13T19:06:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20605" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016292" }, { "source": "secure@microsoft.com", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/26432" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18394" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/923236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:activex:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDEF84E6-3C24-4B73-96A4-467F5C03DB04", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*", "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp1_itanium:*:*:*:*:*", "matchCriteriaId": "AB202F47-248D-4290-955F-D1304C6F2395", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*", "matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*", "matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*", "matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*", "matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*", "matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*", "matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*", "matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el Control ActiveX (dxtmsft.dll) en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7, que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen manipulada, tambi\u00e9n conocida como \"Vulnerabilidad de memoria en el manejo de un argumento\"" } ], "id": "CVE-2008-0078", "lastModified": "2024-11-21T00:41:07.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-12T23:00:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/28903" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/27689" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019381" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-01 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 8.0.7600.16385 | |
microsoft | internet_explorer | 6.0.2900.2180 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*", "matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs." }, { "lang": "es", "value": "Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de c\u00f3digo JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news://" } ], "id": "CVE-2010-2118", "lastModified": "2024-11-21T01:15:56.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-06-01T20:30:02.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4238/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://websecurity.com.ua/4238/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-22 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.5 | |
microsoft | outlook_express | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*", "matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*", "matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability." } ], "id": "CVE-2000-0036", "lastModified": "2024-11-20T23:31:34.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-22T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-17 01:02
Modified
2024-11-21 00:08
Severity ?
Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" } ], "id": "CVE-2006-1245", "lastModified": "2024-11-21T00:08:24.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-17T01:02:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19269" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015794" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "source": "secure@microsoft.com", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/23964" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17131" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/984473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/23964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A140A10-720D-4FF5-9559-184D9AC33509", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "162EA244-0CED-44BF-9857-13127C833FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:symposium_web_centre_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F13410-3380-4CB8-9E20-92E14B85ADC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nortel:symposium_web_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "872353DB-616C-46F8-99F1-7C7B56DEF34F", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"." } ], "id": "CVE-2004-0839", "lastModified": "2024-11-20T23:49:32.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10973" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/526089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." }, { "lang": "es", "value": "La funci\u00f3n showHelp en Internet Explorer 6 en Windows XP Pro permite a atacantes remotos ejecutar ficheros .chm locales de su elecci\u00f3n mediante una barra invertida (\"\") doble antes del fichero .chm objetivo, como se ha demostrado usando una URL \"ms-its\" con ntshared.chm. NOTA: Este fallo puede solaparse con CAN-2003-1041." } ], "id": "CVE-2004-0475", "lastModified": "2024-11-20T23:48:39.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-07-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10348" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/363202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." }, { "lang": "es", "value": "Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"." } ], "id": "CVE-2004-0719", "lastModified": "2024-11-20T23:49:14.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11966" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-28 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE." } ], "id": "CVE-2005-1791", "lastModified": "2024-11-20T23:58:08.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-05-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13798" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.0.1 | |
microsoft | ie | 5.2.3 | |
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | ie | 7.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*", "matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable." } ], "id": "CVE-2004-1155", "lastModified": "2024-11-20T23:50:14.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13251/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22628" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13251/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11855" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-12 23:07
Modified
2024-11-21 00:14
Severity ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | 64-bit | |
microsoft | windows_2003_server | itanium | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parche MS06-042 anterior a 12/09/2006, permite a un atacante remoto provocar denegaci\u00f3n de servicio(caida) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una URL grande en un sitio web GZIP-codificado que fue el objetivo de una redirecci\u00f3n HTTP, debido a un arreglo incompleto del CVE-2006-3869." } ], "id": "CVE-2006-3873", "lastModified": "2024-11-21T00:14:37.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-12T23:07:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/1555" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016839" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "URL Repurposed" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/30834" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19987" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.eeye.com/html/advisories/published/AD20060912.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "URL Repurposed" ], "url": "http://weblog.infoworld.com/techwatch/archives/007870.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-15 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin." } ], "id": "CVE-2004-1686", "lastModified": "2024-11-20T23:51:29.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-15T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11200" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027." }, { "lang": "es", "value": "Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del rat\u00f3n a otras ventenas, mediante llamada al m\u00e9todo window.moveBy. Tambi\u00e9n se la conoce como vulnerabilidad HijackClick" } ], "id": "CVE-2003-0823", "lastModified": "2024-11-20T23:45:36.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10192" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/413886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/337086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2024-11-21 01:37
Severity ?
Summary
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*", "matchCriteriaId": "AD1E2761-48DA-444F-BC45-44F1401322F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*", "matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*", "matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*", "matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*", "matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*", "matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*", "matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*", "matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*", "matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*", "matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*", "matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*", "matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*", "matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*", "matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*", "matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." }, { "lang": "es", "value": "Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostr\u00f3 VUPEN durante una competencia Pwn2Own en CanSecWest 2012" } ], "id": "CVE-2012-1545", "lastModified": "2024-11-21T01:37:12.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-09T11:55:01.193", "references": [ { "source": "cve@mitre.org", "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "source": "cve@mitre.org", "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "source": "cve@mitre.org", "url": "http://twitter.com/vupen/statuses/177895844828291073" }, { "source": "cve@mitre.org", "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pwn2own.zerodayinitiative.com/status.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/vupen/statuses/177895844828291073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References