All the vulnerabilites related to Microsoft Corporation - Microsoft Internet Explorer
jvndb-2006-000345
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Microsoft Internet Explorer address bar spoofing vulnerability
Details
Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000345.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user\u0027s web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000345.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows-9x",
"@product": "Microsoft Windows 9X",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_2000",
"@product": "Microsoft Windows 2000",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2003",
"@product": "Microsoft Windows Server 2003",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000345",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA06-164A/index.html",
"@id": "JVNTA06-164A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN74969119/index.html",
"@id": "JVN#74969119",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA06-164A/",
"@id": "TRTA06-164A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2384",
"@id": "CVE-2006-2384",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2384",
"@id": "CVE-2006-2384",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA06-164A.html",
"@id": "SA06-164A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html",
"@id": "TA06-164A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/18321",
"@id": "18321",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/2319",
"@id": "FrSIRT/ADV-2006-2319",
"@source": "FRSIRT"
}
],
"title": "Microsoft Internet Explorer address bar spoofing vulnerability"
}
jvndb-2010-000065
Vulnerability from jvndb
Published
2010-12-15 18:20
Modified
2010-12-15 18:20
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Masatoshi Sato of AZIA CO., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000065.html",
"dc:date": "2010-12-15T18:20+09:00",
"dcterms:issued": "2010-12-15T18:20+09:00",
"dcterms:modified": "2010-12-15T18:20+09:00",
"description": "Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.\r\n\r\nMicrosoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting.\r\n\r\nFor more information, refer to the information provided by Microsoft.\r\n\r\nMasatoshi Sato of AZIA CO., LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000065.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33301529/index.html",
"@id": "JVN#33301529",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3348",
"@id": "CVE-2010-3348",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3348",
"@id": "CVE-2010-3348",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42091",
"@id": "SA42091",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/45263",
"@id": "45263",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/3214",
"@id": "VUPEN/ADV-2010-3214",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2010-000011
Vulnerability from jvndb
Published
2010-04-08 17:47
Modified
2010-04-08 17:47
Summary
Internet Explorer information disclosure vulnerability
Details
Internet Explorer contains an information disclosure vulnerability.
Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability.
Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html",
"dc:date": "2010-04-08T17:47+09:00",
"dcterms:issued": "2010-04-08T17:47+09:00",
"dcterms:modified": "2010-04-08T17:47+09:00",
"description": "Internet Explorer contains an information disclosure vulnerability.\r\n\r\nInternet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability.\r\n\r\nDaiki Fukumori of Cyber Defense Institute Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN49467403/index.html",
"@id": "JVN#49467403",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-10/",
"@id": "JVNTR-2010-10",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0488",
"@id": "CVE-2010-0488",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0488",
"@id": "CVE-2010-0488",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20100331-ms10-018.html",
"@id": "20100331-ms10-018",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA10-089A.html",
"@id": "SA10-089A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html",
"@id": "TA10-089A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/39028",
"@id": "39028",
"@source": "BID"
},
{
"#text": "http://securitytracker.com/id?1023773",
"@id": "1023773",
"@source": "SECTRACK"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/0744",
"@id": "VUPEN/ADV-2010-0744",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Internet Explorer information disclosure vulnerability"
}
jvndb-2010-000062
Vulnerability from jvndb
Published
2010-12-15 18:18
Modified
2010-12-15 18:18
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined.
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000062.html",
"dc:date": "2010-12-15T18:18+09:00",
"dcterms:issued": "2010-12-15T18:18+09:00",
"dcterms:modified": "2010-12-15T18:18+09:00",
"description": "Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined.\r\n\r\nMicrosoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting.\r\n\r\nFor more information, refer to the information provided by Microsoft. \r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000062.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_7",
"@product": "Microsoft Windows 7",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_vista",
"@product": "Microsoft Windows Vista",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000062",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN62275332/index.html",
"@id": "JVN#62275332",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42091",
"@id": "SA42091",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/45256",
"@id": "45256",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/3214",
"@id": "VUPEN/ADV-2010-3214",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2011-000060
Vulnerability from jvndb
Published
2011-08-10 17:17
Modified
2011-08-10 17:17
Summary
Windows URL Protocol Handler may insecurely load executable files
Details
Windows URL Protocol Handler may use unsafe methods for determining how to load executable (.exe) files.
Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files.
Makoto Shiotsuki of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000060.html",
"dc:date": "2011-08-10T17:17+09:00",
"dcterms:issued": "2011-08-10T17:17+09:00",
"dcterms:modified": "2011-08-10T17:17+09:00",
"description": "Windows URL Protocol Handler may use unsafe methods for determining how to load executable (.exe) files.\r\n\r\nWindows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files.\r\n\r\nMakoto Shiotsuki of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000060.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_7",
"@product": "Microsoft Windows 7",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2003",
"@product": "Microsoft Windows Server 2003",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2008",
"@product": "Microsoft Windows Server 2008",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_vista",
"@product": "Microsoft Windows Vista",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000060",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN80404511/index.html",
"@id": "JVN#80404511",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1961",
"@id": "CVE-2011-1961",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1961",
"@id": "CVE-2011-1961",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201108_windows_en.html",
"@id": "Security Alert for Vulnerability in Windows",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Windows URL Protocol Handler may insecurely load executable files"
}
jvndb-2012-000009
Vulnerability from jvndb
Published
2012-07-30 14:53
Modified
2012-07-30 14:53
Summary
Multiple web browsers vulnerable in processing Tranfer-Encoding header
Details
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header.
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server.
Kazuho Oku reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN90389651/index.html |
| No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000009.html",
"dc:date": "2012-07-30T14:53+09:00",
"dcterms:issued": "2012-07-30T14:53+09:00",
"dcterms:modified": "2012-07-30T14:53+09:00",
"description": "Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header.\r\n\r\nMultiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server.\r\n\r\nKazuho Oku reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000009.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:mozilla:firefox",
"@product": "Mozilla Firefox",
"@vendor": "mozilla.org contributors",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000009",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN90389651/index.html",
"@id": "JVN#90389651",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "Multiple web browsers vulnerable in processing Tranfer-Encoding header"
}
jvndb-2011-000037
Vulnerability from jvndb
Published
2011-06-16 12:18
Modified
2011-06-16 12:18
Summary
Clipboard contents alteration vulnerability in Internet Explorer
Details
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered.
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website.
stardust hoshikuzu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN63451350/index.html |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000037.html",
"dc:date": "2011-06-16T12:18+09:00",
"dcterms:issued": "2011-06-16T12:18+09:00",
"dcterms:modified": "2011-06-16T12:18+09:00",
"description": "Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered.\r\n\r\nInternet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website.\r\n\r\nstardust hoshikuzu reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000037.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000037",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN63451350/index.html",
"@id": "JVN#63451350",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Clipboard contents alteration vulnerability in Internet Explorer"
}
jvndb-2011-000038
Vulnerability from jvndb
Published
2011-06-16 12:21
Modified
2011-06-16 12:21
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Internet Explorer contains a cross-site scripting vulnerability.
Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN26408023/index.html |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000038.html",
"dc:date": "2011-06-16T12:21+09:00",
"dcterms:issued": "2011-06-16T12:21+09:00",
"dcterms:modified": "2011-06-16T12:21+09:00",
"description": "Internet Explorer contains a cross-site scripting vulnerability.\r\n\r\nInternet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000038.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000038",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN26408023/index.html",
"@id": "JVN#26408023",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2013-000053
Vulnerability from jvndb
Published
2013-06-07 13:59
Modified
2013-06-07 13:59
Summary
Internet Explorer vulnerable to information disclosure
Details
Internet Explorer contains an issue in handling XML files, which may result in information disclosure.
Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN63901692/index.html |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000053.html",
"dc:date": "2013-06-07T13:59+09:00",
"dcterms:issued": "2013-06-07T13:59+09:00",
"dcterms:modified": "2013-06-07T13:59+09:00",
"description": "Internet Explorer contains an issue in handling XML files, which may result in information disclosure.\r\n\r\nIsayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000053.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000053",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63901692/index.html",
"@id": "JVN#63901692",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Internet Explorer vulnerable to information disclosure"
}
jvndb-2013-000093
Vulnerability from jvndb
Published
2013-09-19 14:39
Modified
2013-10-10 18:12
Summary
Internet Explorer vulnerable to arbitrary code execution
Details
Internet Explorer contains a vulnerability that may allow arbitrary code execution.
According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN27443259/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3893 |
| IPA SECURITY ALERTS | http://www.ipa.go.jp/security/ciadr/vul/20130918-ms.html |
| JPCERT-WR | https://www.jpcert.or.jp/at/2013/at130040.html |
| Resource Management Errors(CWE-399) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000093.html",
"dc:date": "2013-10-10T18:12+09:00",
"dcterms:issued": "2013-09-19T14:39+09:00",
"dcterms:modified": "2013-10-10T18:12+09:00",
"description": "Internet Explorer contains a vulnerability that may allow arbitrary code execution.\r\n\r\nAccording to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000093.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000093",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN27443259/index.html",
"@id": "JVN#27443259",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893",
"@id": "CVE-2013-3893",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3893",
"@id": "CVE-2013-3893",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130918-ms.html",
"@id": "Security Alert for Internet Explorer (CVE-2013-3893)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/at/2013/at130040.html",
"@id": "Vulnerability in Microsoft Internet Explorer in September 2013",
"@source": "JPCERT-WR"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-399",
"@title": "Resource Management Errors(CWE-399)"
}
],
"title": "Internet Explorer vulnerable to arbitrary code execution"
}
jvndb-2011-000052
Vulnerability from jvndb
Published
2011-07-08 18:29
Modified
2011-07-08 18:29
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting.
Takeshi TERADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN51325625/index.html |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000052.html",
"dc:date": "2011-07-08T18:29+09:00",
"dcterms:issued": "2011-07-08T18:29+09:00",
"dcterms:modified": "2011-07-08T18:29+09:00",
"description": "Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.\r\n\r\nMicrosoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting.\r\n\r\nTakeshi TERADA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000052.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000052",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51325625/index.html",
"@id": "JVN#51325625",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2010-000063
Vulnerability from jvndb
Published
2010-12-15 18:19
Modified
2010-12-15 18:19
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Takeshi Terada and Yutaka Kokubu from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000063.html",
"dc:date": "2010-12-15T18:19+09:00",
"dcterms:issued": "2010-12-15T18:19+09:00",
"dcterms:modified": "2010-12-15T18:19+09:00",
"description": "Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.\r\n\r\nMicrosoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting.\r\n\r\nFor more information, refer to the information provided by Microsoft.\r\n\r\nTakeshi Terada and Yutaka Kokubu from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000063.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_7",
"@product": "Microsoft Windows 7",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_vista",
"@product": "Microsoft Windows Vista",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000063",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN30273074/index.html",
"@id": "JVN#30273074",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42091",
"@id": "SA42091",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/45256",
"@id": "45256",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/3214",
"@id": "VUPEN/ADV-2010-3214",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2011-000061
Vulnerability from jvndb
Published
2011-08-12 14:06
Modified
2011-08-12 14:06
Summary
Internet Explorer window display vulnerability
Details
Internet Explorer contains a vulnerability where the window display may be forged.
Internet Explorer contains an issue with rendering window displays, which may lead to a window display being forged.
hoshikuzu|star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN96E584EB/index.html |
| No Mapping(CWE-noinfo) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000061.html",
"dc:date": "2011-08-12T14:06+09:00",
"dcterms:issued": "2011-08-12T14:06+09:00",
"dcterms:modified": "2011-08-12T14:06+09:00",
"description": "Internet Explorer contains a vulnerability where the window display may be forged.\r\n\r\nInternet Explorer contains an issue with rendering window displays, which may lead to a window display being forged.\r\n\r\nhoshikuzu|star_dust reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000061.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000061",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN96E584EB/index.html",
"@id": "JVN#96E584EB",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Internet Explorer window display vulnerability"
}
jvndb-2016-000028
Vulnerability from jvndb
Published
2016-02-19 14:39
Modified
2016-02-23 11:23
Severity
Summary
Internet Explorer cross-domain policy bypass
Details
Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies.
Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Internet Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html",
"dc:date": "2016-02-23T11:23+09:00",
"dcterms:issued": "2016-02-19T14:39+09:00",
"dcterms:modified": "2016-02-23T11:23+09:00",
"description": "Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies.\r\n\r\nYosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html",
"sec:cpe": {
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN78383854/index.html",
"@id": "JVN#78383854",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0069",
"@id": "CVE-2016-0069",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0069",
"@id": "CVE-2016-0069",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20160210-ms.html",
"@id": "Security Alert for Vulnerability in Microsoft Security Bulletin",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2016/at160007.html",
"@id": "JPCERT-AT-2016-0007",
"@source": "JPCERT-WR"
},
{
"#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=17702",
"@id": "For Microsoft Security Bulletin (MS16-009,011,012,013,014,015,016,017,018,019,020,021,022)(2016/02/10)",
"@source": "AT-POLICE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Internet Explorer cross-domain policy bypass"
}
jvndb-2010-000064
Vulnerability from jvndb
Published
2010-12-15 18:19
Modified
2010-12-15 18:19
Summary
Internet Explorer vulnerable to cross-site scripting
Details
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or Shift_JIS encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
NetAgent Co.,Ltd. and hoshikuzu|star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000064.html",
"dc:date": "2010-12-15T18:19+09:00",
"dcterms:issued": "2010-12-15T18:19+09:00",
"dcterms:modified": "2010-12-15T18:19+09:00",
"description": "Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.\r\n\r\nMicrosoft Internet Explorer contains a vulnerability in handling specific EUC-JP or Shift_JIS encoded characters, which may result in cross-site scripting.\r\n\r\nFor more information, refer to the information provided by Microsoft. \r\n\r\nNetAgent Co.,Ltd. and hoshikuzu|star_dust reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000064.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_7",
"@product": "Microsoft Windows 7",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_vista",
"@product": "Microsoft Windows Vista",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000064",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21120853/index.html",
"@id": "JVN#21120853",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342",
"@id": "CVE-2010-3342",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42091",
"@id": "SA42091",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/45256",
"@id": "45256 ",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/3214",
"@id": "VUPEN/ADV-2010-3214",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Internet Explorer vulnerable to cross-site scripting"
}
jvndb-2015-005234
Vulnerability from jvndb
Published
2015-12-17 15:19
Modified
2015-12-17 15:19
Severity
Summary
Adobe Flash Player issue where iframe contents may be overwritten
Details
Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten.
Tokuji Akamine reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005234.html",
"dc:date": "2015-12-17T15:19+09:00",
"dcterms:issued": "2015-12-17T15:19+09:00",
"dcterms:modified": "2015-12-17T15:19+09:00",
"description": "Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten.\r\n\r\nTokuji Akamine reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005234.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:adobe_air",
"@product": "Adobe AIR",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:adobe_air_sdk",
"@product": "Adobe AIR SDK",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"@product": "Adobe AIR SDK \u0026 Compiler",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:google:chrome",
"@product": "Google Chrome",
"@vendor": "Google",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:edge",
"@product": "Microsoft Edge",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-005234",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN22533124/index.html",
"@id": "JVN#22533124",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7628",
"@id": "CVE-2015-7628",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7628",
"@id": "CVE-2015-7628",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20151014-adobeflashplayer.html",
"@id": "Security Alert for Vulnerability in Adobe Flash Player (APSB15-25)(CVE-2015-7628 and others) ",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2015/at150036.html",
"@id": "JPCERT-AT-2015-0036",
"@source": "JPCERT-WR"
},
{
"#text": "https://www.npa.go.jp/cyberpolice/topics/?seq=17024",
"@id": "For Adobe Flash Player security fix (2015/10/14)",
"@source": "AT-POLICE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Adobe Flash Player issue where iframe contents may be overwritten"
}