All the vulnerabilites related to microsoft - ie
cve-1999-0989
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/861 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0989",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-14T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1192
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1498",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498"
},
{
"name": "670",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/670"
},
{
"name": "ie-browser-window-spoofing(25557)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"name": "17460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17460"
},
{
"name": "oval:org.mitre.oval:def:1645",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1336",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740"
},
{
"name": "1015899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015899"
},
{
"name": "oval:org.mitre.oval:def:1725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1498",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498"
},
{
"name": "670",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/670"
},
{
"name": "ie-browser-window-spoofing(25557)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"name": "17460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17460"
},
{
"name": "oval:org.mitre.oval:def:1645",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1336",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740"
},
{
"name": "1015899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015899"
},
{
"name": "oval:org.mitre.oval:def:1725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1498",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498"
},
{
"name": "670",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/670"
},
{
"name": "ie-browser-window-spoofing(25557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"name": "17460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17460"
},
{
"name": "oval:org.mitre.oval:def:1645",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1336",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1740",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740"
},
{
"name": "1015899",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015899"
},
{
"name": "oval:org.mitre.oval:def:1725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1192",
"datePublished": "2006-04-11T23:00:00",
"dateReserved": "2006-03-13T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4089
Vulnerability from cvelistv5
Published
2005-12-08 11:00
Modified
2024-08-07 23:31
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:49.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17564"
},
{
"name": "oval:org.mitre.oval:def:1977",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977"
},
{
"name": "oval:org.mitre.oval:def:1800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800"
},
{
"name": "oval:org.mitre.oval:def:1838",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hacker.co.il/security/ie/css_import.html"
},
{
"name": "oval:org.mitre.oval:def:1556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556"
},
{
"name": "oval:org.mitre.oval:def:1914",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914"
},
{
"name": "15660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15660"
},
{
"name": "ADV-2005-2804",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2804"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17564"
},
{
"name": "oval:org.mitre.oval:def:1977",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977"
},
{
"name": "oval:org.mitre.oval:def:1800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800"
},
{
"name": "oval:org.mitre.oval:def:1838",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hacker.co.il/security/ie/css_import.html"
},
{
"name": "oval:org.mitre.oval:def:1556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556"
},
{
"name": "oval:org.mitre.oval:def:1914",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914"
},
{
"name": "15660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15660"
},
{
"name": "ADV-2005-2804",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2804"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17564"
},
{
"name": "oval:org.mitre.oval:def:1977",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977"
},
{
"name": "oval:org.mitre.oval:def:1800",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800"
},
{
"name": "oval:org.mitre.oval:def:1838",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838"
},
{
"name": "ADV-2006-2319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985"
},
{
"name": "http://www.hacker.co.il/security/ie/css_import.html",
"refsource": "MISC",
"url": "http://www.hacker.co.il/security/ie/css_import.html"
},
{
"name": "oval:org.mitre.oval:def:1556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556"
},
{
"name": "oval:org.mitre.oval:def:1914",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914"
},
{
"name": "15660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15660"
},
{
"name": "ADV-2005-2804",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2804"
},
{
"name": "MS06-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4089",
"datePublished": "2005-12-08T11:00:00",
"dateReserved": "2005-12-08T00:00:00",
"dateUpdated": "2024-08-07T23:31:49.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3640
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016663 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/19339 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/21396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/3212 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/27850 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:171",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
},
{
"name": "19339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19339"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "27850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:171",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
},
{
"name": "19339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19339"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "27850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:171",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
},
{
"name": "19339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19339"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "27850",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3640",
"datePublished": "2006-08-09T00:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:54.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0028
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:19:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0028",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "2000-01-11T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0216
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5316",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/msinsengfull.txt"
},
{
"name": "VU#637760",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/637760"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-installenginectl-setciffile-bo(17620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620"
},
{
"name": "oval:org.mitre.oval:def:7865",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:7717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717"
},
{
"name": "oval:org.mitre.oval:def:6100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100"
},
{
"name": "oval:org.mitre.oval:def:6600",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2"
},
{
"name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5329",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5316",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/msinsengfull.txt"
},
{
"name": "VU#637760",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/637760"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-installenginectl-setciffile-bo(17620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620"
},
{
"name": "oval:org.mitre.oval:def:7865",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:7717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717"
},
{
"name": "oval:org.mitre.oval:def:6100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100"
},
{
"name": "oval:org.mitre.oval:def:6600",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2"
},
{
"name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5329",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5316",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316"
},
{
"name": "http://www.ngssoftware.com/advisories/msinsengfull.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/msinsengfull.txt"
},
{
"name": "VU#637760",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/637760"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-installenginectl-setciffile-bo(17620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620"
},
{
"name": "oval:org.mitre.oval:def:7865",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:7717",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717"
},
{
"name": "oval:org.mitre.oval:def:6100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100"
},
{
"name": "oval:org.mitre.oval:def:6600",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2"
},
{
"name": "20041012 Microsoft Internet Explorer Install Engine Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2"
},
{
"name": "20050119 Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5329",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0216",
"datePublished": "2004-10-16T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2383
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9761 | vdb-entry, x_refsource_BID | |
| http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9761"
},
{
"name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "ie-frame-domain-bypass(15337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9761"
},
{
"name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "ie-frame-domain-bypass(15337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9761"
},
{
"name": "20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "ie-frame-domain-bypass(15337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2383",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3510
Vulnerability from cvelistv5
Published
2006-07-11 22:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/26955 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/2718 | vdb-entry, x_refsource_VUPEN | |
| http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27621 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/18900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26955",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26955"
},
{
"name": "ADV-2006-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html"
},
{
"name": "ie-rdsdatacontrol-url-dos(27621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621"
},
{
"name": "18900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26955",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26955"
},
{
"name": "ADV-2006-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html"
},
{
"name": "ie-rdsdatacontrol-url-dos(27621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621"
},
{
"name": "18900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26955",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26955"
},
{
"name": "ADV-2006-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2718"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html"
},
{
"name": "ie-rdsdatacontrol-url-dos(27621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621"
},
{
"name": "18900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3510",
"datePublished": "2006-07-11T22:00:00",
"dateReserved": "2006-07-11T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1489
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/245152 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3684 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "win-browser-image-dos(7709)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "win-browser-image-dos(7709)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-browser-image-dos(7709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1489",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0116
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/301945 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/244729 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/6306 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021203 Poisonous Style for Dialog window turns the zone off.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"name": "VU#244729",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "6306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021203 Poisonous Style for Dialog window turns the zone off.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"name": "VU#244729",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "6306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021203 Poisonous Style for Dialog window turns the zone off.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"name": "VU#244729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "6306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0116",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2281
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/5619 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42416 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1529/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30141 | third-party-advisory, x_refsource_SECUNIA | |
| http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx | x_refsource_MISC | |
| http://www.securityfocus.com/bid/29217 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5619"
},
{
"name": "ie-printtableoflinks-code-execution(42416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416"
},
{
"name": "ADV-2008-1529",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1529/references"
},
{
"name": "30141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx"
},
{
"name": "29217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5619"
},
{
"name": "ie-printtableoflinks-code-execution(42416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416"
},
{
"name": "ADV-2008-1529",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1529/references"
},
{
"name": "30141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx"
},
{
"name": "29217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5619",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5619"
},
{
"name": "ie-printtableoflinks-code-execution(42416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416"
},
{
"name": "ADV-2008-1529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1529/references"
},
{
"name": "30141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30141"
},
{
"name": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx"
},
{
"name": "29217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2281",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3643
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016655 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28005 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/3213 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/19417 | vdb-entry, x_refsource_BID | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.kb.cert.org/vuls/id/927548 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/21401 | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016655",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016655"
},
{
"name": "win-mmc-resource-xss(28005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005"
},
{
"name": "ADV-2006-3213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3213"
},
{
"name": "19417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19417"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "oval:org.mitre.oval:def:638",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638"
},
{
"name": "VU#927548",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/927548"
},
{
"name": "21401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21401"
},
{
"name": "MS06-044",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1016655",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016655"
},
{
"name": "win-mmc-resource-xss(28005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005"
},
{
"name": "ADV-2006-3213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3213"
},
{
"name": "19417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19417"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "oval:org.mitre.oval:def:638",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638"
},
{
"name": "VU#927548",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/927548"
},
{
"name": "21401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21401"
},
{
"name": "MS06-044",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016655",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016655"
},
{
"name": "win-mmc-resource-xss(28005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005"
},
{
"name": "ADV-2006-3213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3213"
},
{
"name": "19417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19417"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "oval:org.mitre.oval:def:638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638"
},
{
"name": "VU#927548",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/927548"
},
{
"name": "21401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21401"
},
{
"name": "MS06-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3643",
"datePublished": "2006-08-09T00:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0115
Vulnerability from cvelistv5
Published
2003-05-02 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/11848.php | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-improper-thirdparty-rendering(11848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11848.php"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-improper-thirdparty-rendering(11848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11848.php"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-improper-thirdparty-rendering(11848)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11848.php"
},
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0115",
"datePublished": "2003-05-02T04:00:00",
"dateReserved": "2003-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0284
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9629 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15127 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107643134712133&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9629"
},
{
"name": "ie-host-null-dos(15127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127"
},
{
"name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9629"
},
{
"name": "ie-host-null-dos(15127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127"
},
{
"name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9629"
},
{
"name": "ie-host-null-dos(15127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127"
},
{
"name": "20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0284",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1027
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:527",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
},
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "oval:org.mitre.oval:def:629",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
},
{
"name": "oval:org.mitre.oval:def:531",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
},
{
"name": "oval:org.mitre.oval:def:530",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "TA04-033A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "MS04-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:532",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
},
{
"name": "oval:org.mitre.oval:def:534",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
},
{
"name": "20031125 HijackClickV2 - a successor of HijackClick attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2"
},
{
"name": "ie-method-perform-actions(13844)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
},
{
"name": "oval:org.mitre.oval:def:529",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
},
{
"name": "1006036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1006036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:527",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
},
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "oval:org.mitre.oval:def:629",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
},
{
"name": "oval:org.mitre.oval:def:531",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
},
{
"name": "oval:org.mitre.oval:def:530",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "TA04-033A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "MS04-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:532",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
},
{
"name": "oval:org.mitre.oval:def:534",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
},
{
"name": "20031125 HijackClickV2 - a successor of HijackClick attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2"
},
{
"name": "ie-method-perform-actions(13844)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
},
{
"name": "oval:org.mitre.oval:def:529",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
},
{
"name": "1006036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1006036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:527",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
},
{
"name": "VU#413886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "oval:org.mitre.oval:def:629",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
},
{
"name": "oval:org.mitre.oval:def:531",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
},
{
"name": "oval:org.mitre.oval:def:530",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "TA04-033A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "MS04-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:532",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
},
{
"name": "oval:org.mitre.oval:def:534",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
},
{
"name": "20031125 HijackClickV2 - a successor of HijackClick attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2"
},
{
"name": "ie-method-perform-actions(13844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
},
{
"name": "oval:org.mitre.oval:def:529",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
},
{
"name": "1006036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1027",
"datePublished": "2004-01-08T05:00:00",
"dateReserved": "2004-01-07T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1359
Vulnerability from cvelistv5
Published
2006-03-23 00:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.computerterrorism.com/research/ct22-03-2006"
},
{
"name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678"
},
{
"name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded"
},
{
"name": "ADV-2006-1050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1050"
},
{
"name": "oval:org.mitre.oval:def:985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985"
},
{
"name": "VU#876678",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/876678"
},
{
"name": "24050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24050"
},
{
"name": "oval:org.mitre.oval:def:1178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178"
},
{
"name": "20060322 IE crash",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1702",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702"
},
{
"name": "18680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18680"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1657",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657"
},
{
"name": "ie-createtextrange-command-execution(25379)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379"
},
{
"name": "20060327 Determina Fix for the IE createTextRange() bug",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html"
},
{
"name": "1015812",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015812"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "20060322 IE crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428441"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html"
},
{
"name": "20060322 FW: [Full-disclosure] IE crash",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html"
},
{
"name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"name": "17196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17196"
},
{
"name": "Q-154",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/q-154.shtml"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.computerterrorism.com/research/ct22-03-2006"
},
{
"name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678"
},
{
"name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded"
},
{
"name": "ADV-2006-1050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1050"
},
{
"name": "oval:org.mitre.oval:def:985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985"
},
{
"name": "VU#876678",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/876678"
},
{
"name": "24050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24050"
},
{
"name": "oval:org.mitre.oval:def:1178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178"
},
{
"name": "20060322 IE crash",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1702",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702"
},
{
"name": "18680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18680"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1657",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657"
},
{
"name": "ie-createtextrange-command-execution(25379)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379"
},
{
"name": "20060327 Determina Fix for the IE createTextRange() bug",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html"
},
{
"name": "1015812",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015812"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "20060322 IE crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428441"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html"
},
{
"name": "20060322 FW: [Full-disclosure] IE crash",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html"
},
{
"name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"name": "17196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17196"
},
{
"name": "Q-154",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/q-154.shtml"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.computerterrorism.com/research/ct22-03-2006",
"refsource": "MISC",
"url": "http://www.computerterrorism.com/research/ct22-03-2006"
},
{
"name": "20060328 EEYE: Temporary workaround for IE createTextRange vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678"
},
{
"name": "20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote \"CreateTextRange()\" Code Execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded"
},
{
"name": "ADV-2006-1050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1050"
},
{
"name": "oval:org.mitre.oval:def:985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985"
},
{
"name": "VU#876678",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/876678"
},
{
"name": "24050",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24050"
},
{
"name": "oval:org.mitre.oval:def:1178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178"
},
{
"name": "20060322 IE crash",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1702",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702"
},
{
"name": "18680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18680"
},
{
"name": "http://secunia.com/secunia_research/2006-7/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1657",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657"
},
{
"name": "ie-createtextrange-command-execution(25379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379"
},
{
"name": "20060327 Determina Fix for the IE createTextRange() bug",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html"
},
{
"name": "1015812",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015812"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "20060322 IE crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428441"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html"
},
{
"name": "20060322 FW: [Full-disclosure] IE crash",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html"
},
{
"name": "20060323 Secunia Research: Microsoft Internet Explorer \"createTextRange()\"Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/917077.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"name": "17196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17196"
},
{
"name": "Q-154",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/q-154.shtml"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1359",
"datePublished": "2006-03-23T00:00:00",
"dateReserved": "2006-03-22T00:00:00",
"dateUpdated": "2024-08-07T17:12:20.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1303
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18328"
},
{
"name": "oval:org.mitre.oval:def:1135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html"
},
{
"name": "20595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded"
},
{
"name": "ie-wmm2fxadll-execute-code(26774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774"
},
{
"name": "oval:org.mitre.oval:def:1767",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767"
},
{
"name": "oval:org.mitre.oval:def:2017",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017"
},
{
"name": "oval:org.mitre.oval:def:1973",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973"
},
{
"name": "oval:org.mitre.oval:def:1928",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928"
},
{
"name": "oval:org.mitre.oval:def:1830",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "26442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18328"
},
{
"name": "oval:org.mitre.oval:def:1135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html"
},
{
"name": "20595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded"
},
{
"name": "ie-wmm2fxadll-execute-code(26774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774"
},
{
"name": "oval:org.mitre.oval:def:1767",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767"
},
{
"name": "oval:org.mitre.oval:def:2017",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017"
},
{
"name": "oval:org.mitre.oval:def:1973",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973"
},
{
"name": "oval:org.mitre.oval:def:1928",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928"
},
{
"name": "oval:org.mitre.oval:def:1830",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "26442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18328"
},
{
"name": "oval:org.mitre.oval:def:1135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135"
},
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html"
},
{
"name": "20595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "1016291",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded"
},
{
"name": "ie-wmm2fxadll-execute-code(26774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774"
},
{
"name": "oval:org.mitre.oval:def:1767",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767"
},
{
"name": "oval:org.mitre.oval:def:2017",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017"
},
{
"name": "oval:org.mitre.oval:def:1973",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973"
},
{
"name": "oval:org.mitre.oval:def:1928",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928"
},
{
"name": "oval:org.mitre.oval:def:1830",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830"
},
{
"name": "MS06-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "26442",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1303",
"datePublished": "2006-06-13T19:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0217
Vulnerability from cvelistv5
Published
2007-02-13 22:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.osvdb.org/31892 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22489 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/613564 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securitytracker.com/id?1017642 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/0584 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/24156 | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/archive/1/462303/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"
},
{
"name": "31892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31892"
},
{
"name": "22489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22489"
},
{
"name": "VU#613564",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/613564"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "1017642",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017642"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "20070309 MS07-016 FTP Response DOS PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1141",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"
},
{
"name": "31892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31892"
},
{
"name": "22489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22489"
},
{
"name": "VU#613564",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/613564"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "1017642",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017642"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "20070309 MS07-016 FTP Response DOS PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1141",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070213 Microsoft \u0027wininet.dll\u0027 FTP Reply Null Termination Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"
},
{
"name": "31892",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31892"
},
{
"name": "22489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22489"
},
{
"name": "VU#613564",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613564"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "1017642",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017642"
},
{
"name": "ADV-2007-0584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "20070309 MS07-016 FTP Response DOS PoC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1141",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0217",
"datePublished": "2007-02-13T22:00:00",
"dateReserved": "2007-01-12T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3638
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/959049 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1016663 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/27852 | vdb-entry, x_refsource_OSVDB | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/archive/1/442728/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/21396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/3212 | vdb-entry, x_refsource_VUPEN | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third-party-advisory, x_refsource_CERT | |
| http://www.tippingpoint.com/security/advisories/TSRT-06-09.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/19340 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27852"
},
{
"name": "oval:org.mitre.oval:def:719",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719"
},
{
"name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html"
},
{
"name": "19340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19340"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27852"
},
{
"name": "oval:org.mitre.oval:def:719",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719"
},
{
"name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html"
},
{
"name": "19340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19340"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27852",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27852"
},
{
"name": "oval:org.mitre.oval:def:719",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719"
},
{
"name": "20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html"
},
{
"name": "19340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19340"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3638",
"datePublished": "2006-08-08T23:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2433
Vulnerability from cvelistv5
Published
2009-07-10 20:25
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.exploit-db.com/exploits/9100 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/35620 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12829",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
},
{
"name": "9100",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"name": "35620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:12829",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
},
{
"name": "9100",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"name": "35620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12829",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
},
{
"name": "9100",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"name": "35620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2433",
"datePublished": "2009-07-10T20:25:00",
"dateReserved": "2009-07-10T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0943
Vulnerability from cvelistv5
Published
2007-08-14 21:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA07-226A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2007/2869 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/26419 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.nsfocus.com/english/homepage/research/0701.htm | x_refsource_MISC | |
| http://www.osvdb.org/36397 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/25288 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1018562 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-045",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "oval:org.mitre.oval:def:1673",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673"
},
{
"name": "ADV-2007-2869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2869"
},
{
"name": "26419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0701.htm"
},
{
"name": "36397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36397"
},
{
"name": "25288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25288"
},
{
"name": "1018562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS07-045",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "oval:org.mitre.oval:def:1673",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673"
},
{
"name": "ADV-2007-2869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2869"
},
{
"name": "26419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0701.htm"
},
{
"name": "36397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36397"
},
{
"name": "25288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25288"
},
{
"name": "1018562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
},
{
"name": "TA07-226A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "oval:org.mitre.oval:def:1673",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673"
},
{
"name": "ADV-2007-2869",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2869"
},
{
"name": "26419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26419"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0701.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0701.htm"
},
{
"name": "36397",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36397"
},
{
"name": "25288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25288"
},
{
"name": "1018562",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0943",
"datePublished": "2007-08-14T21:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0816
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030910 MSIE-\u003eWsFakeSrc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
},
{
"name": "oval:org.mitre.oval:def:362",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
},
{
"name": "oval:org.mitre.oval:def:361",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
},
{
"name": "oval:org.mitre.oval:def:416",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
},
{
"name": "20030910 MSIE-\u003eWsBASEjpu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
},
{
"name": "20030910 MSIE-\u003eNAFjpuInHistory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
},
{
"name": "VU#771604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/771604"
},
{
"name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:409",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
},
{
"name": "oval:org.mitre.oval:def:479",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
},
{
"name": "oval:org.mitre.oval:def:459",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
},
{
"name": "20030910 MSIE-\u003eNAFfileJPU",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/336937"
},
{
"name": "20030910 MSIE-\u003eWsOpenFileJPU",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eRefBack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10192"
},
{
"name": "VU#652452",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/652452"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030910 MSIE-\u003eWsFakeSrc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
},
{
"name": "oval:org.mitre.oval:def:362",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
},
{
"name": "oval:org.mitre.oval:def:361",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
},
{
"name": "oval:org.mitre.oval:def:416",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
},
{
"name": "20030910 MSIE-\u003eWsBASEjpu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
},
{
"name": "20030910 MSIE-\u003eNAFjpuInHistory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
},
{
"name": "VU#771604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/771604"
},
{
"name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:409",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
},
{
"name": "oval:org.mitre.oval:def:479",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
},
{
"name": "oval:org.mitre.oval:def:459",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
},
{
"name": "20030910 MSIE-\u003eNAFfileJPU",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/336937"
},
{
"name": "20030910 MSIE-\u003eWsOpenFileJPU",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eRefBack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10192"
},
{
"name": "VU#652452",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/652452"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030910 MSIE-\u003eWsFakeSrc",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
},
{
"name": "oval:org.mitre.oval:def:362",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
},
{
"name": "oval:org.mitre.oval:def:361",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
},
{
"name": "oval:org.mitre.oval:def:416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
},
{
"name": "20030910 MSIE-\u003eWsBASEjpu",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
},
{
"name": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
},
{
"name": "20030910 MSIE-\u003eNAFjpuInHistory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
},
{
"name": "VU#771604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/771604"
},
{
"name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
},
{
"name": "MS03-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:409",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
},
{
"name": "oval:org.mitre.oval:def:479",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
},
{
"name": "oval:org.mitre.oval:def:459",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
},
{
"name": "20030910 MSIE-\u003eNAFfileJPU",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/336937"
},
{
"name": "20030910 MSIE-\u003eWsOpenFileJPU",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eRefBack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
},
{
"name": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
},
{
"name": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
},
{
"name": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
},
{
"name": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
},
{
"name": "10192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10192"
},
{
"name": "VU#652452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/652452"
},
{
"name": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0816",
"datePublished": "2004-01-14T05:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2900
Vulnerability from cvelistv5
Published
2006-06-07 16:00
Modified
2024-08-07 18:06
Severity ?
EPSS score ?
Summary
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/2161 | vdb-entry, x_refsource_VUPEN | |
| http://securityreason.com/securityalert/1059 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/18308 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/20449 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2161",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"name": "1059",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1059"
},
{
"name": "18308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18308"
},
{
"name": "20449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20449"
},
{
"name": "20060605 file upload widgets in IE and Firefox have issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-06-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2161",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"name": "1059",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1059"
},
{
"name": "18308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18308"
},
{
"name": "20449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20449"
},
{
"name": "20060605 file upload widgets in IE and Firefox have issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2161",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"name": "1059",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1059"
},
{
"name": "18308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18308"
},
{
"name": "20449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20449"
},
{
"name": "20060605 file upload widgets in IE and Firefox have issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2900",
"datePublished": "2006-06-07T16:00:00",
"dateReserved": "2006-06-07T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1185
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1677",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"
},
{
"name": "oval:org.mitre.oval:def:787",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1711",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"
},
{
"name": "17450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17450"
},
{
"name": "ie-html-execute-code(25542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"name": "VU#503124",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1677",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"
},
{
"name": "oval:org.mitre.oval:def:787",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1711",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"
},
{
"name": "17450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17450"
},
{
"name": "ie-html-execute-code(25542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"name": "VU#503124",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1677",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"
},
{
"name": "oval:org.mitre.oval:def:787",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1711",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"
},
{
"name": "17450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17450"
},
{
"name": "ie-html-execute-code(25542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"name": "VU#503124",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1185",
"datePublished": "2006-04-11T23:00:00",
"dateReserved": "2006-03-13T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2090
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9611 | vdb-entry, x_refsource_BID | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/10820 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9611"
},
{
"name": "20040207 (no subject)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"name": "ie-error-obtain-information(15078)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
},
{
"name": "10820",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9611"
},
{
"name": "20040207 (no subject)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"name": "ie-error-obtain-information(15078)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
},
{
"name": "10820",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9611"
},
{
"name": "20040207 (no subject)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"name": "ie-error-obtain-information(15078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
},
{
"name": "10820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2090",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1254
Vulnerability from cvelistv5
Published
2002-11-27 05:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6028"
},
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2"
},
{
"name": "ie-cache-showmodaldialog-dom-access(10432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432"
},
{
"name": "ie-cache-getelementsbytagname-dom-access(10438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10438.php"
},
{
"name": "ie-cache-getelementsbyname-dom-access(10437)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10437.php"
},
{
"name": "oval:org.mitre.oval:def:388",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388"
},
{
"name": "ie-cache-getelementbyid-dom-access(10436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10436.php"
},
{
"name": "oval:org.mitre.oval:def:408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408"
},
{
"name": "ie-cache-elementfrompoint-dom-access(10435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10435.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.greymagic.com/adv/gm012-ie/"
},
{
"name": "N-018",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"name": "ie-cache-execcommand-dom-access(10439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10439.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6028"
},
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2"
},
{
"name": "ie-cache-showmodaldialog-dom-access(10432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432"
},
{
"name": "ie-cache-getelementsbytagname-dom-access(10438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10438.php"
},
{
"name": "ie-cache-getelementsbyname-dom-access(10437)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10437.php"
},
{
"name": "oval:org.mitre.oval:def:388",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388"
},
{
"name": "ie-cache-getelementbyid-dom-access(10436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10436.php"
},
{
"name": "oval:org.mitre.oval:def:408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408"
},
{
"name": "ie-cache-elementfrompoint-dom-access(10435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10435.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.greymagic.com/adv/gm012-ie/"
},
{
"name": "N-018",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"name": "ie-cache-execcommand-dom-access(10439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10439.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6028"
},
{
"name": "MS02-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "20021022 Vulnerable cached objects in IE (9 advisories in 1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2"
},
{
"name": "ie-cache-showmodaldialog-dom-access(10432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432"
},
{
"name": "ie-cache-getelementsbytagname-dom-access(10438)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10438.php"
},
{
"name": "ie-cache-getelementsbyname-dom-access(10437)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10437.php"
},
{
"name": "oval:org.mitre.oval:def:388",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388"
},
{
"name": "ie-cache-getelementbyid-dom-access(10436)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10436.php"
},
{
"name": "oval:org.mitre.oval:def:408",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408"
},
{
"name": "ie-cache-elementfrompoint-dom-access(10435)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10435.php"
},
{
"name": "http://security.greymagic.com/adv/gm012-ie/",
"refsource": "MISC",
"url": "http://security.greymagic.com/adv/gm012-ie/"
},
{
"name": "N-018",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"name": "ie-cache-execcommand-dom-access(10439)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10439.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1254",
"datePublished": "2002-11-27T05:00:00",
"dateReserved": "2002-11-04T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3730
Vulnerability from cvelistv5
Published
2006-07-19 23:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016941",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016941"
},
{
"name": "TA06-283A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"
},
{
"name": "TA06-270A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"
},
{
"name": "MS06-057",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#753044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/753044"
},
{
"name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:339",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.php?storyid=1742"
},
{
"name": "ie-webviewfoldericon-dos(27804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"
},
{
"name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"
},
{
"name": "20060930 setSlice exploited in the wild - massively",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://riosec.com/msie-setslice-vuln"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27110"
},
{
"name": "19030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19030"
},
{
"name": "ADV-2006-2882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"
},
{
"name": "2440",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2440"
},
{
"name": "20060930 ZERT patch for setSlice()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"
},
{
"name": "22159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016941",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016941"
},
{
"name": "TA06-283A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"
},
{
"name": "TA06-270A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"
},
{
"name": "MS06-057",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#753044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/753044"
},
{
"name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:339",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.php?storyid=1742"
},
{
"name": "ie-webviewfoldericon-dos(27804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"
},
{
"name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"
},
{
"name": "20060930 setSlice exploited in the wild - massively",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://riosec.com/msie-setslice-vuln"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27110"
},
{
"name": "19030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19030"
},
{
"name": "ADV-2006-2882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"
},
{
"name": "2440",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2440"
},
{
"name": "20060930 ZERT patch for setSlice()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"
},
{
"name": "22159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22159"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016941",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016941"
},
{
"name": "TA06-283A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"
},
{
"name": "TA06-270A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"
},
{
"name": "MS06-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#753044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/753044"
},
{
"name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:339",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"
},
{
"name": "http://isc.sans.org/diary.php?storyid=1742",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?storyid=1742"
},
{
"name": "ie-webviewfoldericon-dos(27804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"
},
{
"name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"
},
{
"name": "20060930 setSlice exploited in the wild - massively",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"
},
{
"name": "http://riosec.com/msie-setslice-vuln",
"refsource": "MISC",
"url": "http://riosec.com/msie-setslice-vuln"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "27110",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27110"
},
{
"name": "19030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19030"
},
{
"name": "ADV-2006-2882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2882"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"
},
{
"name": "2440",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2440"
},
{
"name": "20060930 ZERT patch for setSlice()",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"
},
{
"name": "22159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22159"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3730",
"datePublished": "2006-07-19T23:00:00",
"dateReserved": "2006-07-19T00:00:00",
"dateUpdated": "2024-08-07T18:39:54.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4219
Vulnerability from cvelistv5
Published
2006-08-18 19:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/1403 | third-party-advisory, x_refsource_SREASON | |
| http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/443493/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/19570 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28444 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1403",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14"
},
{
"name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded"
},
{
"name": "19570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19570"
},
{
"name": "ie-tsuserex-dos(28444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1403",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14"
},
{
"name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded"
},
{
"name": "19570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19570"
},
{
"name": "ie-tsuserex-dos(28444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1403",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1403"
},
{
"name": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14"
},
{
"name": "20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded"
},
{
"name": "19570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19570"
},
{
"name": "ie-tsuserex-dos(28444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4219",
"datePublished": "2006-08-18T19:00:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2385
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "oval:org.mitre.oval:def:1609",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609"
},
{
"name": "oval:org.mitre.oval:def:1911",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1423",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423"
},
{
"name": "oval:org.mitre.oval:def:1916",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916"
},
{
"name": "26446",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26446"
},
{
"name": "oval:org.mitre.oval:def:1665",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665"
},
{
"name": "oval:org.mitre.oval:def:1167",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167"
},
{
"name": "18320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18320"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "ie-mht-code-execution(26782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "oval:org.mitre.oval:def:1609",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609"
},
{
"name": "oval:org.mitre.oval:def:1911",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911"
},
{
"name": "1016291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1423",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423"
},
{
"name": "oval:org.mitre.oval:def:1916",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916"
},
{
"name": "26446",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26446"
},
{
"name": "oval:org.mitre.oval:def:1665",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665"
},
{
"name": "oval:org.mitre.oval:def:1167",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167"
},
{
"name": "18320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18320"
},
{
"name": "MS06-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "ie-mht-code-execution(26782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20595"
},
{
"name": "ADV-2006-2319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name": "oval:org.mitre.oval:def:1609",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609"
},
{
"name": "oval:org.mitre.oval:def:1911",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911"
},
{
"name": "1016291",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016291"
},
{
"name": "oval:org.mitre.oval:def:1423",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423"
},
{
"name": "oval:org.mitre.oval:def:1916",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916"
},
{
"name": "26446",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26446"
},
{
"name": "oval:org.mitre.oval:def:1665",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665"
},
{
"name": "oval:org.mitre.oval:def:1167",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167"
},
{
"name": "18320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18320"
},
{
"name": "MS06-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "ie-mht-code-execution(26782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-2385",
"datePublished": "2006-06-13T19:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1155
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11855 | vdb-entry, x_refsource_BID | |
| http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | x_refsource_MISC | |
| http://secunia.com/advisories/22628 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/449917/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/13251/ | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/secunia_research/2004-13/advisory/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11855",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
},
{
"name": "22628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22628"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "13251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13251/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2004-13/advisory/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11855",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
},
{
"name": "22628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22628"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "13251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13251/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2004-13/advisory/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11855"
},
{
"name": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
"refsource": "MISC",
"url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
},
{
"name": "22628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22628"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "13251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13251/"
},
{
"name": "http://secunia.com/secunia_research/2004-13/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2004-13/advisory/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1155",
"datePublished": "2004-12-10T05:00:00",
"dateReserved": "2004-12-08T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0219
Vulnerability from cvelistv5
Published
2007-02-13 23:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32427 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1017643 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/31894 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/771788 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.osvdb.org/31895 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2007/0584 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/31893 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/24156 | third-party-advisory, x_refsource_SECUNIA | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/22504 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-com-activex-code-execution(32427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427"
},
{
"name": "1017643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017643"
},
{
"name": "31894",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31894"
},
{
"name": "VU#771788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/771788"
},
{
"name": "oval:org.mitre.oval:def:257",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257"
},
{
"name": "31895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31895"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "31893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31893"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "22504",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ie-com-activex-code-execution(32427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427"
},
{
"name": "1017643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017643"
},
{
"name": "31894",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31894"
},
{
"name": "VU#771788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/771788"
},
{
"name": "oval:org.mitre.oval:def:257",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257"
},
{
"name": "31895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31895"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "31893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31893"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "22504",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-com-activex-code-execution(32427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427"
},
{
"name": "1017643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017643"
},
{
"name": "31894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31894"
},
{
"name": "VU#771788",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/771788"
},
{
"name": "oval:org.mitre.oval:def:257",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257"
},
{
"name": "31895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31895"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "31893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31893"
},
{
"name": "24156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24156"
},
{
"name": "MS07-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "22504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0219",
"datePublished": "2007-02-13T23:00:00",
"dateReserved": "2007-01-12T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5577
Vulnerability from cvelistv5
Published
2006-12-12 20:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/4966 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/23288 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA06-346A.html | third-party-advisory, x_refsource_CERT | |
| http://securitytracker.com/id?1017374 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/21507 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/454969/100/200/threaded | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/archive/1/454969/100/200/threaded | vendor-advisory, x_refsource_HP | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/30816 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23288"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "oval:org.mitre.oval:def:313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
},
{
"name": "21507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21507"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30816"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2006-4966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23288"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "oval:org.mitre.oval:def:313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
},
{
"name": "21507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21507"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30816"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-5577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4966",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23288"
},
{
"name": "TA06-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "oval:org.mitre.oval:def:313",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
},
{
"name": "21507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21507"
},
{
"name": "SSRT061288",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30816",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30816"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-5577",
"datePublished": "2006-12-12T20:00:00",
"dateReserved": "2006-10-27T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1559
Vulnerability from cvelistv5
Published
2008-07-14 23:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/348574 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/9295 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/348360 | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3989 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:16.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/348574"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html"
},
{
"name": "9295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9295"
},
{
"name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/348360"
},
{
"name": "3989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-29T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/348574"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html"
},
{
"name": "9295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9295"
},
{
"name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/348360"
},
{
"name": "3989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/348574"
},
{
"name": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html",
"refsource": "MISC",
"url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html"
},
{
"name": "9295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9295"
},
{
"name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/348360"
},
{
"name": "3989",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1559",
"datePublished": "2008-07-14T23:00:00",
"dateReserved": "2008-07-14T00:00:00",
"dateUpdated": "2024-08-08T02:35:16.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0513
Vulnerability from cvelistv5
Published
2004-03-16 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html"
},
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html"
},
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html"
},
{
"name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0513",
"datePublished": "2004-03-16T05:00:00",
"dateReserved": "2003-07-07T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4495
Vulnerability from cvelistv5
Published
2006-08-31 22:00
Modified
2024-08-07 19:14
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/1474 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/19636 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/443896/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28512 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1474",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1474"
},
{
"name": "19636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19636"
},
{
"name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16"
},
{
"name": "ie-win2k-com-dos(28512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1474",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1474"
},
{
"name": "19636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19636"
},
{
"name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16"
},
{
"name": "ie-win2k-com-dos(28512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1474",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1474"
},
{
"name": "19636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19636"
},
{
"name": "20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded"
},
{
"name": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16"
},
{
"name": "ie-win2k-com-dos(28512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4495",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5578
Vulnerability from cvelistv5
Published
2006-12-12 20:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/4966 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/23288 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/694344 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA06-346A.html | third-party-advisory, x_refsource_CERT | |
| http://securitytracker.com/id?1017374 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/21494 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/454969/100/200/threaded | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/archive/1/454969/100/200/threaded | vendor-advisory, x_refsource_HP | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/30815 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23288"
},
{
"name": "VU#694344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/694344"
},
{
"name": "oval:org.mitre.oval:def:337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "21494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21494"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2006-4966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23288"
},
{
"name": "VU#694344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/694344"
},
{
"name": "oval:org.mitre.oval:def:337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "21494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21494"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-5578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4966",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"name": "23288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23288"
},
{
"name": "VU#694344",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/694344"
},
{
"name": "oval:org.mitre.oval:def:337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337"
},
{
"name": "TA06-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "1017374",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017374"
},
{
"name": "21494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21494"
},
{
"name": "SSRT061288",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "MS06-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"name": "30815",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-5578",
"datePublished": "2006-12-12T20:00:00",
"dateReserved": "2006-10-27T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1765
Vulnerability from cvelistv5
Published
2007-03-30 00:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/464287/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://research.eeye.com/html/alerts/zeroday/20070328.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/464345/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2007/1151 | vdb-entry, x_refsource_VUPEN | |
| http://vil.nai.com/vil/content/v_141860.htm | x_refsource_MISC | |
| http://www.avertlabs.com/research/blog/?p=230 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/23194 | vdb-entry, x_refsource_BID | |
| http://www.microsoft.com/technet/security/advisory/935423.mspx | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1017827 | vdb-entry, x_refsource_SECTRACK | |
| http://www.avertlabs.com/research/blog/?p=233 | x_refsource_MISC | |
| http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 ANI Zeroday, Third Party Patch",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20070328.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"name": "20070331 Windows .ANI Stack Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"name": "ADV-2007-1151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"name": "http://vil.nai.com/vil/content/v_141860.htm",
"refsource": "MISC",
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=230",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"name": "23194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23194"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/935423.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"name": "1017827",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017827"
},
{
"name": "http://www.avertlabs.com/research/blog/?p=233",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"name": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/",
"refsource": "MISC",
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1765",
"datePublished": "2007-03-30T00:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0814
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:335",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335"
},
{
"name": "oval:org.mitre.oval:def:342",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "oval:org.mitre.oval:def:392",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392"
},
{
"name": "oval:org.mitre.oval:def:341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:344",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344"
},
{
"name": "oval:org.mitre.oval:def:349",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349"
},
{
"name": "oval:org.mitre.oval:def:343",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343"
},
{
"name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html"
},
{
"name": "VU#326412",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/326412"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:335",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335"
},
{
"name": "oval:org.mitre.oval:def:342",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "oval:org.mitre.oval:def:392",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392"
},
{
"name": "oval:org.mitre.oval:def:341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:344",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344"
},
{
"name": "oval:org.mitre.oval:def:349",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349"
},
{
"name": "oval:org.mitre.oval:def:343",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343"
},
{
"name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html"
},
{
"name": "VU#326412",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/326412"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm",
"refsource": "MISC",
"url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm"
},
{
"name": "oval:org.mitre.oval:def:335",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335"
},
{
"name": "oval:org.mitre.oval:def:342",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342"
},
{
"name": "MS03-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "oval:org.mitre.oval:def:392",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392"
},
{
"name": "oval:org.mitre.oval:def:341",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:344",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344"
},
{
"name": "oval:org.mitre.oval:def:349",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349"
},
{
"name": "oval:org.mitre.oval:def:343",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343"
},
{
"name": "20030910 MSIE-\u003eBodyRefreshLoadsJPU:refresh is a new navigation method",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html"
},
{
"name": "VU#326412",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/326412"
},
{
"name": "10192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0814",
"datePublished": "2004-01-14T05:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1041
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:1186",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186"
},
{
"name": "9320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9320"
},
{
"name": "MS04-023",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023"
},
{
"name": "oval:org.mitre.oval:def:1943",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943"
},
{
"name": "VU#187196",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/187196"
},
{
"name": "oval:org.mitre.oval:def:956",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956"
},
{
"name": "oval:org.mitre.oval:def:3514",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514"
},
{
"name": "ie-showhelp-directory-traversal(14105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105"
},
{
"name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/348521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:1186",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186"
},
{
"name": "9320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9320"
},
{
"name": "MS04-023",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023"
},
{
"name": "oval:org.mitre.oval:def:1943",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943"
},
{
"name": "VU#187196",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/187196"
},
{
"name": "oval:org.mitre.oval:def:956",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956"
},
{
"name": "oval:org.mitre.oval:def:3514",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514"
},
{
"name": "ie-showhelp-directory-traversal(14105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105"
},
{
"name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/348521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA04-196A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:1186",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186"
},
{
"name": "9320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9320"
},
{
"name": "MS04-023",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023"
},
{
"name": "oval:org.mitre.oval:def:1943",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943"
},
{
"name": "VU#187196",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/187196"
},
{
"name": "oval:org.mitre.oval:def:956",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956"
},
{
"name": "oval:org.mitre.oval:def:3514",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514"
},
{
"name": "ie-showhelp-directory-traversal(14105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105"
},
{
"name": "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/348521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1041",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-05-13T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-7065
Vulnerability from cvelistv5
Published
2007-02-27 18:00
Modified
2024-09-16 19:52
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19364 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html | mailing-list, x_refsource_FULLDISC | |
| http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19364"
},
{
"name": "20060806 bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-27T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19364"
},
{
"name": "20060806 bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19364"
},
{
"name": "20060806 bugs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"name": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511",
"refsource": "MISC",
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7065",
"datePublished": "2007-02-27T18:00:00Z",
"dateReserved": "2007-02-27T00:00:00Z",
"dateUpdated": "2024-09-16T19:52:09.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4717
Vulnerability from cvelistv5
Published
2006-02-15 11:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/15268 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051101 new IE bug (confirmed on ALL windows)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html"
},
{
"name": "20051104 RE: new IE bug (confirmed on ALL windows)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html"
},
{
"name": "15268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-15T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051101 new IE bug (confirmed on ALL windows)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html"
},
{
"name": "20051104 RE: new IE bug (confirmed on ALL windows)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html"
},
{
"name": "15268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15268"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051101 new IE bug (confirmed on ALL windows)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html"
},
{
"name": "20051104 RE: new IE bug (confirmed on ALL windows)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html"
},
{
"name": "15268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15268"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4717",
"datePublished": "2006-02-15T11:00:00Z",
"dateReserved": "2006-02-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:33:15.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1185
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/6216 | vdb-entry, x_refsource_BID | |
| http://www.eeye.com/html/Research/Advisories/AD20021211.html | third-party-advisory, x_refsource_EEYE | |
| http://marc.info/?l=bugtraq&m=103970996205091&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.iss.net/security_center/static/10662.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html | mailing-list, x_refsource_VULNWATCH | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "6216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6216"
},
{
"name": "AD20021211",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
},
{
"name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:542",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
},
{
"name": "ie-png-bo(10662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10662.php"
},
{
"name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
},
{
"name": "oval:org.mitre.oval:def:393",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "6216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6216"
},
{
"name": "AD20021211",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
},
{
"name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:542",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
},
{
"name": "ie-png-bo(10662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10662.php"
},
{
"name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
},
{
"name": "oval:org.mitre.oval:def:393",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS02-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "6216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6216"
},
{
"name": "AD20021211",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
},
{
"name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:542",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
},
{
"name": "ie-png-bo(10662)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10662.php"
},
{
"name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
},
{
"name": "oval:org.mitre.oval:def:393",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1185",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-10-04T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2830
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1101",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"
},
{
"name": "1015350",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "oval:org.mitre.oval:def:1097",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"
},
{
"name": "oval:org.mitre.oval:def:1435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "oval:org.mitre.oval:def:1143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"
},
{
"name": "ie-https-proxy-information-disclosure(23451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"
},
{
"name": "15825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15825"
},
{
"name": "oval:org.mitre.oval:def:1317",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"
},
{
"name": "oval:org.mitre.oval:def:1521",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1101",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"
},
{
"name": "1015350",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "oval:org.mitre.oval:def:1097",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"
},
{
"name": "oval:org.mitre.oval:def:1435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "oval:org.mitre.oval:def:1143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"
},
{
"name": "ie-https-proxy-information-disclosure(23451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"
},
{
"name": "15825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15825"
},
{
"name": "oval:org.mitre.oval:def:1317",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"
},
{
"name": "oval:org.mitre.oval:def:1521",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18064"
},
{
"name": "MS05-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1101",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"
},
{
"name": "1015350",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015350"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "oval:org.mitre.oval:def:1097",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"
},
{
"name": "oval:org.mitre.oval:def:1435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"
},
{
"name": "18311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18311"
},
{
"name": "ADV-2005-2867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "oval:org.mitre.oval:def:1143",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"
},
{
"name": "ie-https-proxy-information-disclosure(23451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"
},
{
"name": "15825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15825"
},
{
"name": "oval:org.mitre.oval:def:1317",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"
},
{
"name": "oval:org.mitre.oval:def:1521",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"
},
{
"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420",
"refsource": "MISC",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-2830",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-09-07T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1328
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.ciac.org/ciac/bulletins/n-038.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.securityfocus.com/bid/6780 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/400577 | third-party-advisory, x_refsource_CERT-VN | |
| http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/11259.php | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:57",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57"
},
{
"name": "N-038",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "6780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6780"
},
{
"name": "VU#400577",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/400577"
},
{
"name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html"
},
{
"name": "ie-showhelp-zone-bypass(11259)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11259.php"
},
{
"name": "MS03-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:57",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57"
},
{
"name": "N-038",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "6780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6780"
},
{
"name": "VU#400577",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/400577"
},
{
"name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html"
},
{
"name": "ie-showhelp-zone-bypass(11259)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11259.php"
},
{
"name": "MS03-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:57",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57"
},
{
"name": "N-038",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "6780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6780"
},
{
"name": "VU#400577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/400577"
},
{
"name": "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html"
},
{
"name": "ie-showhelp-zone-bypass(11259)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11259.php"
},
{
"name": "MS03-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1328",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-06T00:00:00",
"dateUpdated": "2024-08-08T02:28:01.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2094
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/1559 | vdb-entry, x_refsource_VUPEN | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/17713 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1015720 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/22351 | vdb-entry, x_refsource_OSVDB | |
| http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 | x_refsource_MISC | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26111 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1559"
},
{
"name": "20060426 Internet Explorer User Interface Races, Redeux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html"
},
{
"name": "17713",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17713"
},
{
"name": "1015720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015720"
},
{
"name": "22351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html"
},
{
"name": "ie-modal-dialog-code-execution(26111)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1559"
},
{
"name": "20060426 Internet Explorer User Interface Races, Redeux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html"
},
{
"name": "17713",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17713"
},
{
"name": "1015720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015720"
},
{
"name": "22351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html"
},
{
"name": "ie-modal-dialog-code-execution(26111)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1559",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1559"
},
{
"name": "20060426 Internet Explorer User Interface Races, Redeux",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html"
},
{
"name": "17713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17713"
},
{
"name": "1015720",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015720"
},
{
"name": "22351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22351"
},
{
"name": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02",
"refsource": "MISC",
"url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html"
},
{
"name": "ie-modal-dialog-code-execution(26111)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111"
},
{
"name": "20060427 PoC for Internet Explorer Modal Dialog Issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html"
},
{
"name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
"refsource": "MISC",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2094",
"datePublished": "2006-04-29T10:00:00",
"dateReserved": "2006-04-28T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5913
Vulnerability from cvelistv5
Published
2006-11-15 15:00
Modified
2024-08-07 20:12
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/450825/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:30.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061107 Re: IE7 website security certificate discrediting exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061107 Re: IE7 website security certificate discrediting exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061107 Re: IE7 website security certificate discrediting exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded"
},
{
"name": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541",
"refsource": "MISC",
"url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5913",
"datePublished": "2006-11-15T15:00:00",
"dateReserved": "2006-11-15T00:00:00",
"dateUpdated": "2024-08-07T20:12:30.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4560
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 19:14
Severity ?
EPSS score ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/443209/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/31329 | vdb-entry, x_refsource_OSVDB | |
| http://shampoo.antville.org/stories/1451301/ | x_refsource_MISC | |
| http://polyboy.net/xss/dnsslurp.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"name": "31329",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://polyboy.net/xss/dnsslurp.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"name": "31329",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://polyboy.net/xss/dnsslurp.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"name": "31329",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31329"
},
{
"name": "http://shampoo.antville.org/stories/1451301/",
"refsource": "MISC",
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"name": "http://polyboy.net/xss/dnsslurp.html",
"refsource": "MISC",
"url": "http://polyboy.net/xss/dnsslurp.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4560",
"datePublished": "2006-09-06T00:00:00",
"dateReserved": "2006-09-05T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1188
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"name": "oval:org.mitre.oval:def:1144",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1290",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290"
},
{
"name": "VU#824324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1296",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"name": "oval:org.mitre.oval:def:1144",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1290",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290"
},
{
"name": "VU#824324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1296",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"name": "oval:org.mitre.oval:def:1144",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144"
},
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "1015900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1290",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290"
},
{
"name": "VU#824324",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1773",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1296",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1188",
"datePublished": "2006-04-11T23:00:00",
"dateReserved": "2006-03-13T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2434
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/8335 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1010491 | vdb-entry, x_refsource_SECTRACK | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16420 | vdb-entry, x_refsource_XF | |
| http://www.securiteam.com/windowsntfocus/5IP020KDPU.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8335",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8335"
},
{
"name": "1010491",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010491"
},
{
"name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"name": "ie-null-pointer-dos(16420)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8335",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8335"
},
{
"name": "1010491",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010491"
},
{
"name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"name": "ie-null-pointer-dos(16420)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8335"
},
{
"name": "1010491",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010491"
},
{
"name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"name": "ie-null-pointer-dos(16420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2434",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2057
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/1538 | vdb-entry, x_refsource_VUPEN | |
| http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/432009/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26118 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"name": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2057",
"datePublished": "2006-04-26T20:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1988
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/16373/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/965206 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA05-221A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2005/1353 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "VU#965206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/965206"
},
{
"name": "oval:org.mitre.oval:def:1335",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335"
},
{
"name": "TA05-221A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:390",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390"
},
{
"name": "oval:org.mitre.oval:def:1140",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140"
},
{
"name": "oval:org.mitre.oval:def:1216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "VU#965206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/965206"
},
{
"name": "oval:org.mitre.oval:def:1335",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335"
},
{
"name": "TA05-221A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:390",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390"
},
{
"name": "oval:org.mitre.oval:def:1140",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140"
},
{
"name": "oval:org.mitre.oval:def:1216",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "VU#965206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/965206"
},
{
"name": "oval:org.mitre.oval:def:1335",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335"
},
{
"name": "TA05-221A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "MS05-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:390",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390"
},
{
"name": "oval:org.mitre.oval:def:1140",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140"
},
{
"name": "oval:org.mitre.oval:def:1216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216"
},
{
"name": "ADV-2005-1353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-1988",
"datePublished": "2005-08-10T04:00:00",
"dateReserved": "2005-06-17T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0420
Vulnerability from cvelistv5
Published
2004-04-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-clsid-file-extension-spoofing(14964)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964"
},
{
"name": "9510",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9510"
},
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "10736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10736/"
},
{
"name": "oval:org.mitre.oval:def:2894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894"
},
{
"name": "oval:org.mitre.oval:def:3386",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386"
},
{
"name": "oval:org.mitre.oval:def:3604",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604"
},
{
"name": "oval:org.mitre.oval:def:2245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245"
},
{
"name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/351379"
},
{
"name": "oval:org.mitre.oval:def:3533",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533"
},
{
"name": "VU#106324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/106324"
},
{
"name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html"
},
{
"name": "oval:org.mitre.oval:def:2381",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381"
},
{
"name": "MS04-024",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-clsid-file-extension-spoofing(14964)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964"
},
{
"name": "9510",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9510"
},
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "10736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10736/"
},
{
"name": "oval:org.mitre.oval:def:2894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894"
},
{
"name": "oval:org.mitre.oval:def:3386",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386"
},
{
"name": "oval:org.mitre.oval:def:3604",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604"
},
{
"name": "oval:org.mitre.oval:def:2245",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245"
},
{
"name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/351379"
},
{
"name": "oval:org.mitre.oval:def:3533",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533"
},
{
"name": "VU#106324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/106324"
},
{
"name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html"
},
{
"name": "oval:org.mitre.oval:def:2381",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381"
},
{
"name": "MS04-024",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-clsid-file-extension-spoofing(14964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964"
},
{
"name": "9510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9510"
},
{
"name": "TA04-196A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "10736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10736/"
},
{
"name": "oval:org.mitre.oval:def:2894",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894"
},
{
"name": "oval:org.mitre.oval:def:3386",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386"
},
{
"name": "oval:org.mitre.oval:def:3604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604"
},
{
"name": "oval:org.mitre.oval:def:2245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245"
},
{
"name": "20040127 GOOROO CROSSING: File Spoofing Internet Explorer 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/351379"
},
{
"name": "oval:org.mitre.oval:def:3533",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533"
},
{
"name": "VU#106324",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/106324"
},
{
"name": "20040127 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6",
"refsource": "BUGTRAQ",
"url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html"
},
{
"name": "oval:org.mitre.oval:def:2381",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381"
},
{
"name": "MS04-024",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0420",
"datePublished": "2004-04-20T04:00:00",
"dateReserved": "2004-04-19T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0719
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11978 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/11966 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http-frame-spoof(1598)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"name": "11978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11978"
},
{
"name": "11966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11966"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "http-frame-spoof(1598)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"name": "11978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11978"
},
{
"name": "11966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11966"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http-frame-spoof(1598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"name": "11978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11978"
},
{
"name": "11966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11966"
},
{
"name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
"refsource": "MISC",
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0719",
"datePublished": "2004-07-23T04:00:00",
"dateReserved": "2004-07-22T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2383
Vulnerability from cvelistv5
Published
2011-06-03 17:00
Modified
2024-08-06 23:00
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"name": "MS11-057",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"name": "oval:org.mitre.oval:def:12820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/community/node/74259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"name": "MS11-057",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"name": "oval:org.mitre.oval:def:12820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/community/node/74259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.informationweek.com/news/security/vulnerabilities/229700031",
"refsource": "MISC",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"name": "MS11-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388",
"refsource": "MISC",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"name": "http://news.cnet.com/8301-1009_3-20066419-83.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/",
"refsource": "MISC",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"name": "oval:org.mitre.oval:def:12820",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
},
{
"name": "http://www.youtube.com/watch?v=VsSkcnIFCxM",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt",
"refsource": "MISC",
"url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt"
},
{
"name": "http://www.networkworld.com/community/node/74259",
"refsource": "MISC",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"name": "http://www.youtube.com/watch?v=V95CX-3JpK0",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt",
"refsource": "MISC",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2383",
"datePublished": "2011-06-03T17:00:00",
"dateReserved": "2011-06-03T00:00:00",
"dateUpdated": "2024-08-06T23:00:33.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0055
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:3137",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137"
},
{
"name": "VU#843771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/843771"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:1005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005"
},
{
"name": "ie-cdf-execute-code(19137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "oval:org.mitre.oval:def:3910",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910"
},
{
"name": "11165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11165/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2004-12/advisory/"
},
{
"name": "1013125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013125"
},
{
"name": "oval:org.mitre.oval:def:710",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710"
},
{
"name": "oval:org.mitre.oval:def:2692",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:3137",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137"
},
{
"name": "VU#843771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/843771"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:1005",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005"
},
{
"name": "ie-cdf-execute-code(19137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "oval:org.mitre.oval:def:3910",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910"
},
{
"name": "11165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11165/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2004-12/advisory/"
},
{
"name": "1013125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013125"
},
{
"name": "oval:org.mitre.oval:def:710",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710"
},
{
"name": "oval:org.mitre.oval:def:2692",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS05-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:3137",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137"
},
{
"name": "VU#843771",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/843771"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:1005",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005"
},
{
"name": "ie-cdf-execute-code(19137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "oval:org.mitre.oval:def:3910",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910"
},
{
"name": "11165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11165/"
},
{
"name": "http://secunia.com/secunia_research/2004-12/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2004-12/advisory/"
},
{
"name": "1013125",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013125"
},
{
"name": "oval:org.mitre.oval:def:710",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710"
},
{
"name": "oval:org.mitre.oval:def:2692",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0055",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-01-11T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4848
Vulnerability from cvelistv5
Published
2007-09-12 20:00
Modified
2024-08-07 15:08
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/37638 | vdb-entry, x_refsource_OSVDB | |
| http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37638",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37638",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37638",
"refsource": "OSVDB",
"url": "http://osvdb.org/37638"
},
{
"name": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/",
"refsource": "MISC",
"url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4848",
"datePublished": "2007-09-12T20:00:00",
"dateReserved": "2007-09-12T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3472
Vulnerability from cvelistv5
Published
2006-07-10 20:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/18820 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/30822 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18820"
},
{
"name": "30822",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18820"
},
{
"name": "30822",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18820"
},
{
"name": "30822",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3472",
"datePublished": "2006-07-10T20:00:00",
"dateReserved": "2006-07-10T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0114
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=104429340817718&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030203 internet explorer local file reading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030203 internet explorer local file reading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030203 internet explorer local file reading",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:963",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963"
},
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0114",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0153
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3935 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/archive/1/251805 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7969 | vdb-entry, x_refsource_XF | |
| http://www.iss.net/security_center/static/8851.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5356 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3935"
},
{
"name": "MS02-019",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "20020122 Macinosh IE file execuion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/251805"
},
{
"name": "ie-macos-file-execution(7969)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969"
},
{
"name": "ie-mac-applescript-execution(8851)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8851.php"
},
{
"name": "5356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3935"
},
{
"name": "MS02-019",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "20020122 Macinosh IE file execuion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/251805"
},
{
"name": "ie-macos-file-execution(7969)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969"
},
{
"name": "ie-mac-applescript-execution(8851)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8851.php"
},
{
"name": "5356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3935"
},
{
"name": "MS02-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "20020122 Macinosh IE file execuion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251805"
},
{
"name": "ie-macos-file-execution(7969)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969"
},
{
"name": "ie-mac-applescript-execution(8851)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8851.php"
},
{
"name": "5356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0153",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-19T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0869
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityfocus.com/archive/1/375407 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1011332 | vdb-entry, x_refsource_SECTRACK | |
| http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://securityfocus.com/archive/1/375407"
},
{
"name": "1011332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt"
},
{
"name": "web-browser-cookie-session-hijack(17417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://securityfocus.com/archive/1/375407"
},
{
"name": "1011332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt"
},
{
"name": "web-browser-cookie-session-hijack(17417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://securityfocus.com/archive/1/375407"
},
{
"name": "1011332",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011332"
},
{
"name": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
"refsource": "MISC",
"url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt"
},
{
"name": "web-browser-cookie-session-hijack(17417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0869",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2004-09-14T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1105
Vulnerability from cvelistv5
Published
2005-03-11 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | vendor-advisory, x_refsource_MS | |
| http://www.kb.cert.org/vuls/id/813208 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:36.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-input-type-dos(13029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#813208",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/813208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-input-type-dos(13029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#813208",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/813208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-input-type-dos(13029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#813208",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/813208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1105",
"datePublished": "2005-03-11T05:00:00",
"dateReserved": "2005-03-11T00:00:00",
"dateUpdated": "2024-08-08T02:12:36.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4697
Vulnerability from cvelistv5
Published
2007-02-13 22:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/753924 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2007/0584 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/24156 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/31891 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22486 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#753924",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/753924"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "oval:org.mitre.oval:def:1120",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "31891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31891"
},
{
"name": "22486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#753924",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/753924"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24156"
},
{
"name": "oval:org.mitre.oval:def:1120",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120"
},
{
"name": "MS07-016",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "31891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31891"
},
{
"name": "22486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-4697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#753924",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/753924"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "ADV-2007-0584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"name": "24156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24156"
},
{
"name": "oval:org.mitre.oval:def:1120",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120"
},
{
"name": "MS07-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"name": "31891",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31891"
},
{
"name": "22486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-4697",
"datePublished": "2007-02-13T22:00:00",
"dateReserved": "2006-09-11T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3903
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 14:37
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "oval:org.mitre.oval:def:4553",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "ie-clonenode-nodevalue-code-execution(38714)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "26816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26816"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "oval:org.mitre.oval:def:4553",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "ie-clonenode-nodevalue-code-execution(38714)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "26816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26816"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28036"
},
{
"name": "oval:org.mitre.oval:def:4553",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553"
},
{
"name": "MS07-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "ie-clonenode-nodevalue-code-execution(38714)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "26816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26816"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-3903",
"datePublished": "2007-12-12T00:00:00",
"dateReserved": "2007-07-19T00:00:00",
"dateUpdated": "2024-08-07T14:37:06.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0823
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "20030910 MSIE-\u003eHijackClick: 1+1=2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:370",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370"
},
{
"name": "oval:org.mitre.oval:def:371",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:588",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:733",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733"
},
{
"name": "oval:org.mitre.oval:def:369",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369"
},
{
"name": "oval:org.mitre.oval:def:368",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10192"
},
{
"name": "oval:org.mitre.oval:def:372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372"
},
{
"name": "1006036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1006036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "20030910 MSIE-\u003eHijackClick: 1+1=2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:370",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370"
},
{
"name": "oval:org.mitre.oval:def:371",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:588",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:733",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733"
},
{
"name": "oval:org.mitre.oval:def:369",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369"
},
{
"name": "oval:org.mitre.oval:def:368",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10192"
},
{
"name": "oval:org.mitre.oval:def:372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372"
},
{
"name": "1006036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1006036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#413886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "20030910 MSIE-\u003eHijackClick: 1+1=2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:370",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370"
},
{
"name": "oval:org.mitre.oval:def:371",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371"
},
{
"name": "MS03-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:588",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "oval:org.mitre.oval:def:733",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733"
},
{
"name": "oval:org.mitre.oval:def:369",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369"
},
{
"name": "oval:org.mitre.oval:def:368",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368"
},
{
"name": "10192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10192"
},
{
"name": "oval:org.mitre.oval:def:372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372"
},
{
"name": "1006036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0823",
"datePublished": "2004-01-14T05:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0839
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"name": "10973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10973"
},
{
"name": "20040824 What A Drag! -revisited-",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:6272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"name": "oval:org.mitre.oval:def:2073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"name": "20040818 What A Drag II XP SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4152",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"name": "oval:org.mitre.oval:def:3773",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"name": "VU#526089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"name": "ie-dragdrop-code-execution(17044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"name": "oval:org.mitre.oval:def:1563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0839",
"datePublished": "2004-09-14T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0985
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:38
Severity ?
EPSS score ?
Summary
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109830296130857&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=ntbugtraq&m=109828076802478&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17824 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109829111200055&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2"
},
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2"
},
{
"name": "ie-anchorclick-command-execution(17824)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824"
},
{
"name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2"
},
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2"
},
{
"name": "ie-anchorclick-command-execution(17824)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824"
},
{
"name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2"
},
{
"name": "20041020 How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2"
},
{
"name": "ie-anchorclick-command-execution(17824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824"
},
{
"name": "20041020 Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0985",
"datePublished": "2004-10-26T04:00:00",
"dateReserved": "2004-10-25T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0942
Vulnerability from cvelistv5
Published
2007-05-08 23:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/archive/1/468871/100/200/threaded | vendor-advisory, x_refsource_HP | |
| http://www.vupen.com/english/advisories/2007/1712 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/34399 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1018019 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/468871/100/200/threaded | vendor-advisory, x_refsource_HP | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/23769 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/cas/techalerts/TA07-128A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1939",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939"
},
{
"name": "HPSBST02214",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "34399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34399"
},
{
"name": "ie-chtskdic-com-code-execution(33252)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252"
},
{
"name": "1018019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23769"
},
{
"name": "TA07-128A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1939",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939"
},
{
"name": "HPSBST02214",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "34399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34399"
},
{
"name": "ie-chtskdic-com-code-execution(33252)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252"
},
{
"name": "1018019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23769"
},
{
"name": "TA07-128A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1939",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939"
},
{
"name": "HPSBST02214",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "34399",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34399"
},
{
"name": "ie-chtskdic-com-code-execution(33252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252"
},
{
"name": "1018019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23769"
},
{
"name": "TA07-128A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0942",
"datePublished": "2007-05-08T23:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0160
Vulnerability from cvelistv5
Published
2000-02-23 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000221103938.T21312%40securityfocus.com | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000221 Microsoft signed software can be install software without prompting users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000221 Microsoft signed software can be install software without prompting users",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000221 Microsoft signed software can be install software without prompting users",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312@securityfocus.com"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0160",
"datePublished": "2000-02-23T05:00:00",
"dateReserved": "2000-02-23T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0552
Vulnerability from cvelistv5
Published
2009-04-15 03:49
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1028 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/53625 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/advisories/34678 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id?1022042 | vdb-entry, x_refsource_SECTRACK | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53625"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "34678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:5551",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"name": "MS09-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "1022042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53625"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "34678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:5551",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"name": "MS09-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "1022042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53625",
"refsource": "OSVDB",
"url": "http://osvdb.org/53625"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "34678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:5551",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"name": "MS09-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "1022042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022042"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0552",
"datePublished": "2009-04-15T03:49:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1824
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/10180.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/1/292842 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5778 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-ssl-certificate-expired(10180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/292842"
},
{
"name": "5778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-ssl-certificate-expired(10180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/292842"
},
{
"name": "5778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-ssl-certificate-expired(10180)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/292842"
},
{
"name": "5778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1824",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-17T00:50:56.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5071
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://w2spconf.com/2010/papers/p26.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-07T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://w2spconf.com/2010/papers/p26.pdf",
"refsource": "MISC",
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5071",
"datePublished": "2011-12-07T19:00:00Z",
"dateReserved": "2011-12-07T00:00:00Z",
"dateUpdated": "2024-09-16T23:31:42.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1245
Vulnerability from cvelistv5
Published
2006-03-17 01:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015794"
},
{
"name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1569",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569"
},
{
"name": "19269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19269"
},
{
"name": "oval:org.mitre.oval:def:1451",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451"
},
{
"name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632"
},
{
"name": "ie-mshtml-bo(25292)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292"
},
{
"name": "17131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17131"
},
{
"name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html"
},
{
"name": "oval:org.mitre.oval:def:1599",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599"
},
{
"name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded"
},
{
"name": "VU#984473",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/984473"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1766",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "23964",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1015794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015794"
},
{
"name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1569",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569"
},
{
"name": "19269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19269"
},
{
"name": "oval:org.mitre.oval:def:1451",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451"
},
{
"name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632"
},
{
"name": "ie-mshtml-bo(25292)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292"
},
{
"name": "17131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17131"
},
{
"name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html"
},
{
"name": "oval:org.mitre.oval:def:1599",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599"
},
{
"name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded"
},
{
"name": "VU#984473",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/984473"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1766",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "23964",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23964"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015794",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015794"
},
{
"name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded"
},
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1569",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569"
},
{
"name": "19269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19269"
},
{
"name": "oval:org.mitre.oval:def:1451",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451"
},
{
"name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "oval:org.mitre.oval:def:1632",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632"
},
{
"name": "ie-mshtml-bo(25292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292"
},
{
"name": "17131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17131"
},
{
"name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html"
},
{
"name": "oval:org.mitre.oval:def:1599",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599"
},
{
"name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded"
},
{
"name": "VU#984473",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/984473"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "oval:org.mitre.oval:def:1766",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "23964",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23964"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1245",
"datePublished": "2006-03-17T01:00:00",
"dateReserved": "2006-03-17T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0979
Vulnerability from cvelistv5
Published
2004-10-21 04:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | vendor-advisory, x_refsource_MS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/cas/techalerts/TA04-293A.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/630720 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-dragdrop-security-bypass(17820)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "VU#630720",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/630720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-dragdrop-security-bypass(17820)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "VU#630720",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/630720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "ie-dragdrop-security-bypass(17820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "VU#630720",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/630720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0979",
"datePublished": "2004-10-21T04:00:00",
"dateReserved": "2004-10-20T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2125
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-09-17 03:42
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/10180.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5778 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/292842 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-ssl-certificate-expired(10180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "5778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5778"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/292842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T07:37:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-ssl-certificate-expired(10180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "5778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5778"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/292842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-ssl-certificate-expired(10180)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"name": "5778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5778"
},
{
"name": "20020923 IE6 SSL Certificate Chain Verification",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/292842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2125",
"datePublished": "2005-11-16T07:37:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:55.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3910
Vulnerability from cvelistv5
Published
2006-07-28 00:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html | x_refsource_MISC | |
| http://www.osvdb.org/27112 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/19079 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27845 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/2915 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html"
},
{
"name": "27112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27112"
},
{
"name": "19079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19079"
},
{
"name": "ie-ovctl-newdefaultitem-dos(27845)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845"
},
{
"name": "ADV-2006-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html"
},
{
"name": "27112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27112"
},
{
"name": "19079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19079"
},
{
"name": "ie-ovctl-newdefaultitem-dos(27845)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845"
},
{
"name": "ADV-2006-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html"
},
{
"name": "27112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27112"
},
{
"name": "19079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19079"
},
{
"name": "ie-ovctl-newdefaultitem-dos(27845)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845"
},
{
"name": "ADV-2006-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3910",
"datePublished": "2006-07-28T00:00:00",
"dateReserved": "2006-07-27T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0479
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html | mailing-list, x_refsource_FULLDISC | |
| http://marc.info/?l=vuln-dev&m=108476938219070&w=2 | mailing-list, x_refsource_VULN-DEV | |
| http://marc.info/?l=vuln-dev&m=108457938412310&w=2 | mailing-list, x_refsource_VULN-DEV |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:15.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"name": "20040516 Re: IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2"
},
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"name": "20040516 Re: IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2"
},
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"name": "20040516 Re: IE Crash - Anyone Seen This Before?",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2"
},
{
"name": "20040514 IE Crash - Anyone Seen This Before?",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0479",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-05-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:15.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1545
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References
| ▼ | URL | Tags |
|---|---|---|
| http://pwn2own.zerodayinitiative.com/status.html | x_refsource_MISC | |
| http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars | x_refsource_MISC | |
| http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 | x_refsource_MISC | |
| http://twitter.com/vupen/statuses/177895844828291073 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pwn2own.zerodayinitiative.com/status.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/vupen/statuses/177895844828291073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-09T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pwn2own.zerodayinitiative.com/status.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/vupen/statuses/177895844828291073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pwn2own.zerodayinitiative.com/status.html",
"refsource": "MISC",
"url": "http://pwn2own.zerodayinitiative.com/status.html"
},
{
"name": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars",
"refsource": "MISC",
"url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars"
},
{
"name": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621",
"refsource": "MISC",
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621"
},
{
"name": "http://twitter.com/vupen/statuses/177895844828291073",
"refsource": "MISC",
"url": "http://twitter.com/vupen/statuses/177895844828291073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1545",
"datePublished": "2012-03-09T11:00:00Z",
"dateReserved": "2012-03-09T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:01.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0530
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/9580 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12962 | vdb-entry, x_refsource_XF | |
| http://www.cert.org/advisories/CA-2003-22.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/548964 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/8454 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1007538 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9580"
},
{
"name": "ie-br549-activex-bo(12962)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
},
{
"name": "CA-2003-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"name": "VU#548964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "8454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8454"
},
{
"name": "1007538",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9580"
},
{
"name": "ie-br549-activex-bo(12962)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
},
{
"name": "CA-2003-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"name": "VU#548964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "8454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8454"
},
{
"name": "1007538",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9580"
},
{
"name": "ie-br549-activex-bo(12962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
},
{
"name": "CA-2003-22",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"name": "VU#548964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "8454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8454"
},
{
"name": "1007538",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0530",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-08T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3659
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/27108 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/19013 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27761 | vdb-entry, x_refsource_XF | |
| http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2006/2831 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27108"
},
{
"name": "19013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19013"
},
{
"name": "ie-mhtmlfile-dos(27761)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html"
},
{
"name": "ADV-2006-2831",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27108"
},
{
"name": "19013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19013"
},
{
"name": "ie-mhtmlfile-dos(27761)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html"
},
{
"name": "ADV-2006-2831",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27108",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27108"
},
{
"name": "19013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19013"
},
{
"name": "ie-mhtmlfile-dos(27761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html"
},
{
"name": "ADV-2006-2831",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3659",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1085
Vulnerability from cvelistv5
Published
2008-04-08 23:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA08-099A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=120845064910729&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.vupen.com/english/advisories/2008/1148/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=120845064910729&w=2 | vendor-advisory, x_refsource_HP | |
| http://secunia.com/secunia_research/2007-100/advisory/ | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id?1019801 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/28552 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/490840/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/27707 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA08-099A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"name": "SSRT080048",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"name": "ADV-2008-1148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1148/references"
},
{
"name": "HPSBST02329",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-100/advisory/"
},
{
"name": "MS08-024",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024"
},
{
"name": "1019801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019801"
},
{
"name": "28552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28552"
},
{
"name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563"
},
{
"name": "27707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27707"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA08-099A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"name": "SSRT080048",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"name": "ADV-2008-1148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1148/references"
},
{
"name": "HPSBST02329",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-100/advisory/"
},
{
"name": "MS08-024",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024"
},
{
"name": "1019801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019801"
},
{
"name": "28552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28552"
},
{
"name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5563",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563"
},
{
"name": "27707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27707"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA08-099A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"name": "SSRT080048",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"name": "ADV-2008-1148",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1148/references"
},
{
"name": "HPSBST02329",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"name": "http://secunia.com/secunia_research/2007-100/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-100/advisory/"
},
{
"name": "MS08-024",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024"
},
{
"name": "1019801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019801"
},
{
"name": "28552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28552"
},
{
"name": "20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563"
},
{
"name": "27707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27707"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1085",
"datePublished": "2008-04-08T23:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0024
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0129"
},
{
"name": "MS07-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21930"
},
{
"name": "VU#122084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/122084"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
},
{
"name": "23677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23677"
},
{
"name": "1017489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017489"
},
{
"name": "ie-vml-record-bo(31287)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
},
{
"name": "20070116 MS07-004 VML Integer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
},
{
"name": "ADV-2007-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0105"
},
{
"name": "31250",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31250"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
},
{
"name": "929969",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/?kbid=929969"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
},
{
"name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2007-0129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0129"
},
{
"name": "MS07-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21930"
},
{
"name": "VU#122084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/122084"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
},
{
"name": "23677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23677"
},
{
"name": "1017489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017489"
},
{
"name": "ie-vml-record-bo(31287)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
},
{
"name": "20070116 MS07-004 VML Integer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
},
{
"name": "ADV-2007-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0105"
},
{
"name": "31250",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31250"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
},
{
"name": "929969",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/?kbid=929969"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
},
{
"name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0129",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0129"
},
{
"name": "MS07-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
},
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21930"
},
{
"name": "VU#122084",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/122084"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1058",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
},
{
"name": "23677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23677"
},
{
"name": "1017489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017489"
},
{
"name": "ie-vml-record-bo(31287)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
},
{
"name": "20070116 MS07-004 VML Integer Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
},
{
"name": "ADV-2007-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0105"
},
{
"name": "31250",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31250"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
},
{
"name": "929969",
"refsource": "MSKB",
"url": "http://support.microsoft.com/?kbid=929969"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
},
{
"name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0024",
"datePublished": "2007-01-09T23:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0944
Vulnerability from cvelistv5
Published
2007-05-08 23:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-object-array-code-execution(33253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253"
},
{
"name": "oval:org.mitre.oval:def:1722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722"
},
{
"name": "HPSBST02214",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "1018019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html"
},
{
"name": "34400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34400"
},
{
"name": "TA07-128A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded"
},
{
"name": "23771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ie-object-array-code-execution(33253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253"
},
{
"name": "oval:org.mitre.oval:def:1722",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722"
},
{
"name": "HPSBST02214",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "1018019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html"
},
{
"name": "34400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34400"
},
{
"name": "TA07-128A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded"
},
{
"name": "23771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-object-array-code-execution(33253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253"
},
{
"name": "oval:org.mitre.oval:def:1722",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722"
},
{
"name": "HPSBST02214",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "ADV-2007-1712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"name": "1018019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"name": "SSRT071422",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"name": "MS07-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"name": "23769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23769"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html"
},
{
"name": "34400",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34400"
},
{
"name": "TA07-128A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"name": "20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded"
},
{
"name": "23771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0944",
"datePublished": "2007-05-08T23:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3944
Vulnerability from cvelistv5
Published
2006-07-31 23:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/27372 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/19113 | vdb-entry, x_refsource_BID | |
| http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27931 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/2954 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27372"
},
{
"name": "19113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html"
},
{
"name": "ie-listwidth-dos(27931)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931"
},
{
"name": "ADV-2006-2954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27372"
},
{
"name": "19113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html"
},
{
"name": "ie-listwidth-dos(27931)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931"
},
{
"name": "ADV-2006-2954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27372"
},
{
"name": "19113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19113"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html"
},
{
"name": "ie-listwidth-dos(27931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931"
},
{
"name": "ADV-2006-2954",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3944",
"datePublished": "2006-07-31T23:00:00",
"dateReserved": "2006-07-31T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2219
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/12304 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/8978 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 | vdb-entry, x_refsource_XF | |
| http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt | x_refsource_MISC | |
| http://securitytracker.com/id?1010957 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040815 NullyFake - Site Spoofing in MSIE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
},
{
"name": "12304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12304"
},
{
"name": "8978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8978"
},
{
"name": "ie-address-bar-spoofing(17007)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"name": "1010957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040815 NullyFake - Site Spoofing in MSIE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
},
{
"name": "12304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12304"
},
{
"name": "8978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8978"
},
{
"name": "ie-address-bar-spoofing(17007)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"name": "1010957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040815 NullyFake - Site Spoofing in MSIE",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
},
{
"name": "12304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12304"
},
{
"name": "8978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8978"
},
{
"name": "ie-address-bar-spoofing(17007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
},
{
"name": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt",
"refsource": "MISC",
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"name": "1010957",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2219",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0162
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS00-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS00-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS00-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0162",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "2000-02-23T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5884
Vulnerability from cvelistv5
Published
2006-11-14 21:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA06-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.osvdb.org/31324 | vdb-entry, x_refsource_OSVDB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "31324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31324"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "31324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31324"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA06-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "31324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31324"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5884",
"datePublished": "2006-11-14T21:00:00",
"dateReserved": "2006-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1388
Vulnerability from cvelistv5
Published
2006-03-24 20:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1591",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591"
},
{
"name": "ie-hta-file-execution(25394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394"
},
{
"name": "19378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19378"
},
{
"name": "VU#434641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/434641"
},
{
"name": "oval:org.mitre.oval:def:1642",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642"
},
{
"name": "oval:org.mitre.oval:def:1774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "20060321 IE .hta vulnerability reported",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html"
},
{
"name": "oval:org.mitre.oval:def:1676",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17181",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"name": "1015800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015800"
},
{
"name": "24095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24095"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1724",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1591",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591"
},
{
"name": "ie-hta-file-execution(25394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394"
},
{
"name": "19378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19378"
},
{
"name": "VU#434641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/434641"
},
{
"name": "oval:org.mitre.oval:def:1642",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642"
},
{
"name": "oval:org.mitre.oval:def:1774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "20060321 IE .hta vulnerability reported",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html"
},
{
"name": "oval:org.mitre.oval:def:1676",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17181",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"name": "1015800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015800"
},
{
"name": "24095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24095"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1724",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1591",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591"
},
{
"name": "ie-hta-file-execution(25394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394"
},
{
"name": "19378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19378"
},
{
"name": "VU#434641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/434641"
},
{
"name": "oval:org.mitre.oval:def:1642",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642"
},
{
"name": "oval:org.mitre.oval:def:1774",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "20060321 IE .hta vulnerability reported",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html"
},
{
"name": "oval:org.mitre.oval:def:1676",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676"
},
{
"name": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed",
"refsource": "MISC",
"url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17181"
},
{
"name": "http://jeffrey.vanderstad.net/grasshopper/",
"refsource": "MISC",
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"name": "1015800",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015800"
},
{
"name": "24095",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24095"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "oval:org.mitre.oval:def:1724",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1388",
"datePublished": "2006-03-24T20:00:00",
"dateReserved": "2006-03-24T00:00:00",
"dateUpdated": "2024-08-07T17:12:21.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3658
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27760 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/27059 | vdb-entry, x_refsource_OSVDB | |
| http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2006/2814 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-folderitem-dos(27760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760"
},
{
"name": "27059",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27059"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html"
},
{
"name": "ADV-2006-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-folderitem-dos(27760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760"
},
{
"name": "27059",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27059"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html"
},
{
"name": "ADV-2006-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-folderitem-dos(27760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760"
},
{
"name": "27059",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27059"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html"
},
{
"name": "ADV-2006-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3658",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0550
Vulnerability from cvelistv5
Published
2009-04-15 03:49
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53619"
},
{
"name": "34677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34677"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "1022041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022041"
},
{
"name": "34678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:6233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"name": "oval:org.mitre.oval:def:7569",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138"
},
{
"name": "34439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34439"
},
{
"name": "MS09-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "oval:org.mitre.oval:def:5320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"name": "ADV-2009-1027",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name": "MS09-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1028",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53619"
},
{
"name": "34677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34677"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "1022041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022041"
},
{
"name": "34678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:6233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"name": "oval:org.mitre.oval:def:7569",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138"
},
{
"name": "34439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34439"
},
{
"name": "MS09-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "oval:org.mitre.oval:def:5320",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"name": "ADV-2009-1027",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name": "MS09-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53619",
"refsource": "OSVDB",
"url": "http://osvdb.org/53619"
},
{
"name": "34677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34677"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "1022041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022041"
},
{
"name": "34678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:6233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"name": "oval:org.mitre.oval:def:7569",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138"
},
{
"name": "34439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34439"
},
{
"name": "MS09-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "oval:org.mitre.oval:def:5320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"name": "ADV-2009-1027",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name": "MS09-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0550",
"datePublished": "2009-04-15T03:49:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3513
Vulnerability from cvelistv5
Published
2006-07-11 23:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/2719 | vdb-entry, x_refsource_VUPEN | |
| http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/18902 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/27013 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-directanimation-dauserdata-dos(27622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622"
},
{
"name": "ADV-2006-2719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html"
},
{
"name": "18902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18902"
},
{
"name": "27013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-directanimation-dauserdata-dos(27622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622"
},
{
"name": "ADV-2006-2719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html"
},
{
"name": "18902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18902"
},
{
"name": "27013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-directanimation-dauserdata-dos(27622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622"
},
{
"name": "ADV-2006-2719",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2719"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html"
},
{
"name": "18902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18902"
},
{
"name": "27013",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3513",
"datePublished": "2006-07-11T23:00:00",
"dateReserved": "2006-07-11T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3451
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html"
},
{
"name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:5",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5"
},
{
"name": "VU#262004",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/262004"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "1343",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1343"
},
{
"name": "27854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27854"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html"
},
{
"name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:5",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5"
},
{
"name": "VU#262004",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/262004"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "1343",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1343"
},
{
"name": "27854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27854"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html"
},
{
"name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded"
},
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "oval:org.mitre.oval:def:5",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5"
},
{
"name": "VU#262004",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/262004"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "1343",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1343"
},
{
"name": "27854",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27854"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "19316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3451",
"datePublished": "2006-08-08T23:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2087
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050629 SEC-CONSULT SA-20050629-0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1326",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "TA05-193A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html"
},
{
"name": "oval:org.mitre.oval:def:793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793"
},
{
"name": "VU#939605",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"name": "1014329",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014329"
},
{
"name": "oval:org.mitre.oval:def:1506",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506"
},
{
"name": "14087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14087"
},
{
"name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/404055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"name": "ie-javaprxydll-execute-code(21193)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193"
},
{
"name": "15891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15891"
},
{
"name": "MS05-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037"
},
{
"name": "17680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17680"
},
{
"name": "ESB-2005.0489",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=5225"
},
{
"name": "ADV-2005-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0935"
},
{
"name": "oval:org.mitre.oval:def:1518",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050629 SEC-CONSULT SA-20050629-0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1326",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "TA05-193A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html"
},
{
"name": "oval:org.mitre.oval:def:793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793"
},
{
"name": "VU#939605",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"name": "1014329",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014329"
},
{
"name": "oval:org.mitre.oval:def:1506",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506"
},
{
"name": "14087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14087"
},
{
"name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/404055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"name": "ie-javaprxydll-execute-code(21193)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193"
},
{
"name": "15891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15891"
},
{
"name": "MS05-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037"
},
{
"name": "17680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17680"
},
{
"name": "ESB-2005.0489",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=5225"
},
{
"name": "ADV-2005-0935",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0935"
},
{
"name": "oval:org.mitre.oval:def:1518",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050629 SEC-CONSULT SA-20050629-0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1326",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326"
},
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "TA05-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html"
},
{
"name": "oval:org.mitre.oval:def:793",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793"
},
{
"name": "VU#939605",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"name": "1014329",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014329"
},
{
"name": "oval:org.mitre.oval:def:1506",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506"
},
{
"name": "14087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14087"
},
{
"name": "20050702 Microsoft Internet Explorer \"javaprxy.dll\" Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/404055"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/903144.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"name": "ie-javaprxydll-execute-code(21193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193"
},
{
"name": "15891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15891"
},
{
"name": "MS05-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037"
},
{
"name": "17680",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17680"
},
{
"name": "ESB-2005.0489",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=5225"
},
{
"name": "ADV-2005-0935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0935"
},
{
"name": "oval:org.mitre.oval:def:1518",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2087",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-30T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2179
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/378619 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/378431 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/11412 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-10T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2179",
"datePublished": "2005-07-10T04:00:00Z",
"dateReserved": "2005-07-10T04:00:00Z",
"dateUpdated": "2024-09-16T19:19:34.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0475
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10348 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/363202 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:15.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10348"
},
{
"name": "20040513 Showhelp() local CHM file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"name": "ie-showhelp-chm-execution(16147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10348"
},
{
"name": "20040513 Showhelp() local CHM file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"name": "ie-showhelp-chm-execution(16147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10348"
},
{
"name": "20040513 Showhelp() local CHM file execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"name": "ie-showhelp-chm-execution(16147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0475",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-05-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:15.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0876
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959 | vendor-advisory, x_refsource_MSKB | |
| http://support.microsoft.com/support/kb/articles/q176/6/97.asp | vendor-advisory, x_refsource_MSKB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:28.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Q185959",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959"
},
{
"name": "Q176697",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "Q185959",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959"
},
{
"name": "Q176697",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q185959",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959"
},
{
"name": "Q176697",
"refsource": "MSKB",
"url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0876",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:28.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1719
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/430408/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25852 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/430431/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060407 IE6 Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded"
},
{
"name": "ie-css-scrollbar-dos(25852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852"
},
{
"name": "20060410 Re: IE6 Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060407 IE6 Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded"
},
{
"name": "ie-css-scrollbar-dos(25852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852"
},
{
"name": "20060410 Re: IE6 Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060407 IE6 Crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded"
},
{
"name": "ie-css-scrollbar-dos(25852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852"
},
{
"name": "20060410 Re: IE6 Crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1719",
"datePublished": "2006-04-11T23:00:00",
"dateReserved": "2006-04-11T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4679
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-09-16 18:49
Severity ?
EPSS score ?
Summary
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17565 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-01T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4679",
"datePublished": "2006-02-01T02:00:00Z",
"dateReserved": "2006-01-31T00:00:00Z",
"dateUpdated": "2024-09-16T18:49:01.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2766
Vulnerability from cvelistv5
Published
2006-06-02 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060531 Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded"
},
{
"name": "VU#891204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/891204"
},
{
"name": "20384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20384"
},
{
"name": "ADV-2006-2088",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2088"
},
{
"name": "ie-mhtml-mid-bo(26810)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810"
},
{
"name": "25949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25949"
},
{
"name": "oval:org.mitre.oval:def:441",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441"
},
{
"name": "1016654",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016654"
},
{
"name": "20060601 Re: Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded"
},
{
"name": "MS06-043",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "18198",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18198"
},
{
"name": "20060601 RE: Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060531 Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded"
},
{
"name": "VU#891204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/891204"
},
{
"name": "20384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20384"
},
{
"name": "ADV-2006-2088",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2088"
},
{
"name": "ie-mhtml-mid-bo(26810)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810"
},
{
"name": "25949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25949"
},
{
"name": "oval:org.mitre.oval:def:441",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441"
},
{
"name": "1016654",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016654"
},
{
"name": "20060601 Re: Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded"
},
{
"name": "MS06-043",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "18198",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18198"
},
{
"name": "20060601 RE: Internet explorer Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060531 Internet explorer Vulnerbility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded"
},
{
"name": "VU#891204",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/891204"
},
{
"name": "20384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20384"
},
{
"name": "ADV-2006-2088",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2088"
},
{
"name": "ie-mhtml-mid-bo(26810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810"
},
{
"name": "25949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25949"
},
{
"name": "oval:org.mitre.oval:def:441",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441"
},
{
"name": "1016654",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016654"
},
{
"name": "20060601 Re: Internet explorer Vulnerbility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded"
},
{
"name": "MS06-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "18198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18198"
},
{
"name": "20060601 RE: Internet explorer Vulnerbility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2766",
"datePublished": "2006-06-02T10:00:00",
"dateReserved": "2006-06-01T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3450
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433 | vdb-entry, signature, x_refsource_OVAL | |
| http://securitytracker.com/id?1016663 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/27855 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/119180 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/21396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/3212 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/442579/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/19312 | vdb-entry, x_refsource_BID | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-027.html | x_refsource_MISC | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27855"
},
{
"name": "VU#119180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/119180"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"
},
{
"name": "19312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27855"
},
{
"name": "VU#119180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/119180"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"
},
{
"name": "19312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:433",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"
},
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "27855",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27855"
},
{
"name": "VU#119180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/119180"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"
},
{
"name": "19312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19312"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3450",
"datePublished": "2006-08-08T23:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3873
Vulnerability from cvelistv5
Published
2006-09-12 23:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28893 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| http://securityreason.com/securityalert/1555 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/445835/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://research.eeye.com/html/advisories/published/AD20060912.html | x_refsource_MISC | |
| http://weblog.infoworld.com/techwatch/archives/007870.html | x_refsource_MISC | |
| http://securitytracker.com/id?1016839 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/19987 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/30834 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-url-compression-bo(28893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "1555",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1555"
},
{
"name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20060912.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://weblog.infoworld.com/techwatch/archives/007870.html"
},
{
"name": "1016839",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016839"
},
{
"name": "19987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19987"
},
{
"name": "30834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ie-url-compression-bo(28893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "1555",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1555"
},
{
"name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20060912.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://weblog.infoworld.com/techwatch/archives/007870.html"
},
{
"name": "1016839",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016839"
},
{
"name": "19987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19987"
},
{
"name": "30834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-url-compression-bo(28893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "1555",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1555"
},
{
"name": "20060912 [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20060912.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20060912.html"
},
{
"name": "http://weblog.infoworld.com/techwatch/archives/007870.html",
"refsource": "MISC",
"url": "http://weblog.infoworld.com/techwatch/archives/007870.html"
},
{
"name": "1016839",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016839"
},
{
"name": "19987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19987"
},
{
"name": "30834",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3873",
"datePublished": "2006-09-12T23:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0212
Vulnerability from cvelistv5
Published
2004-07-14 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040714 Unchecked buffer in mstask.dll",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2"
},
{
"name": "win-taskscheduler-bo(16591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/mstaskjob.txt"
},
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:3428",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428"
},
{
"name": "oval:org.mitre.oval:def:1344",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344"
},
{
"name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1964",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964"
},
{
"name": "oval:org.mitre.oval:def:1781",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781"
},
{
"name": "VU#228028",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228028"
},
{
"name": "MS04-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022"
},
{
"name": "12060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040714 Unchecked buffer in mstask.dll",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2"
},
{
"name": "win-taskscheduler-bo(16591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/mstaskjob.txt"
},
{
"name": "TA04-196A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:3428",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428"
},
{
"name": "oval:org.mitre.oval:def:1344",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344"
},
{
"name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1964",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964"
},
{
"name": "oval:org.mitre.oval:def:1781",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781"
},
{
"name": "VU#228028",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228028"
},
{
"name": "MS04-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022"
},
{
"name": "12060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040714 Unchecked buffer in mstask.dll",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2"
},
{
"name": "win-taskscheduler-bo(16591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591"
},
{
"name": "http://www.ngssoftware.com/advisories/mstaskjob.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/mstaskjob.txt"
},
{
"name": "TA04-196A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:3428",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428"
},
{
"name": "oval:org.mitre.oval:def:1344",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344"
},
{
"name": "20040714 Microsoft Windows Task Scheduler \u0027.job\u0027 Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:1964",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964"
},
{
"name": "oval:org.mitre.oval:def:1781",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781"
},
{
"name": "VU#228028",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228028"
},
{
"name": "MS04-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022"
},
{
"name": "12060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0212",
"datePublished": "2004-07-14T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0057
Vulnerability from cvelistv5
Published
2006-01-27 22:00
Modified
2024-08-07 16:18
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/23657 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/998297 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx | x_refsource_MISC | |
| http://www.securityfocus.com/bid/16409 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23657"
},
{
"name": "VU#998297",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/998297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"name": "16409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16409"
},
{
"name": "ie-activex-killbit-bypass(24379)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "23657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23657"
},
{
"name": "VU#998297",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/998297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"name": "16409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16409"
},
{
"name": "ie-activex-killbit-bypass(24379)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-0057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23657",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23657"
},
{
"name": "VU#998297",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/998297"
},
{
"name": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"name": "16409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16409"
},
{
"name": "ie-activex-killbit-bypass(24379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2006-0057",
"datePublished": "2006-01-27T22:00:00",
"dateReserved": "2006-01-01T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0809
Vulnerability from cvelistv5
Published
2003-10-08 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/8565 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/7887 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:123",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123"
},
{
"name": "8565",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8565"
},
{
"name": "ie-xmlobject-code-execution(13300)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300"
},
{
"name": "MS03-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "7887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:123",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123"
},
{
"name": "8565",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8565"
},
{
"name": "ie-xmlobject-code-execution(13300)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300"
},
{
"name": "MS03-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "7887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:123",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123"
},
{
"name": "8565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8565"
},
{
"name": "ie-xmlobject-code-execution(13300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300"
},
{
"name": "MS03-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "7887",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0809",
"datePublished": "2003-10-08T04:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1091
Vulnerability from cvelistv5
Published
2007-02-26 11:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lcamtuf.coredump.cx/ietrap"
},
{
"name": "22680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22680"
},
{
"name": "ADV-2007-0713",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0713"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-dos(32647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "23014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23014"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-url-spoofing(32649)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"name": "oval:org.mitre.oval:def:2162",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"
},
{
"name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"
},
{
"name": "1018788",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018788"
},
{
"name": "2291",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2291"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"name": "MS07-057",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lcamtuf.coredump.cx/ietrap"
},
{
"name": "22680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22680"
},
{
"name": "ADV-2007-0713",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0713"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-dos(32647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "23014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23014"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-url-spoofing(32649)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"name": "oval:org.mitre.oval:def:2162",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"
},
{
"name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"
},
{
"name": "1018788",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018788"
},
{
"name": "2291",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2291"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"name": "MS07-057",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lcamtuf.coredump.cx/ietrap",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/ietrap"
},
{
"name": "22680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22680"
},
{
"name": "ADV-2007-0713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0713"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-dos(32647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"name": "HPSBST02280",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "23014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23014"
},
{
"name": "SSRT071480",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "ie-mozilla-onunload-url-spoofing(32649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"name": "oval:org.mitre.oval:def:2162",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"
},
{
"name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"
},
{
"name": "1018788",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018788"
},
{
"name": "2291",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2291"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"name": "MS07-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1091",
"datePublished": "2007-02-26T11:00:00",
"dateReserved": "2007-02-26T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1218
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/246611 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3729 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:07.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/246611"
},
{
"name": "3729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/246611"
},
{
"name": "3729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/246611"
},
{
"name": "3729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1218",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:51:07.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0553
Vulnerability from cvelistv5
Published
2005-04-13 04:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:05.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#774338",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/774338"
},
{
"name": "ie-dhtml-bo(19831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831"
},
{
"name": "oval:org.mitre.oval:def:1695",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695"
},
{
"name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"name": "14922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14922/"
},
{
"name": "MS05-020",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"name": "oval:org.mitre.oval:def:4985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985"
},
{
"name": "oval:org.mitre.oval:def:4874",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874"
},
{
"name": "oval:org.mitre.oval:def:3100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100"
},
{
"name": "TA05-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"name": "oval:org.mitre.oval:def:3752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#774338",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/774338"
},
{
"name": "ie-dhtml-bo(19831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831"
},
{
"name": "oval:org.mitre.oval:def:1695",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695"
},
{
"name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"name": "14922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14922/"
},
{
"name": "MS05-020",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"name": "oval:org.mitre.oval:def:4985",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985"
},
{
"name": "oval:org.mitre.oval:def:4874",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874"
},
{
"name": "oval:org.mitre.oval:def:3100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100"
},
{
"name": "TA05-102A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"name": "oval:org.mitre.oval:def:3752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-0553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#774338",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/774338"
},
{
"name": "ie-dhtml-bo(19831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831"
},
{
"name": "oval:org.mitre.oval:def:1695",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695"
},
{
"name": "20050412 Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"name": "14922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14922/"
},
{
"name": "MS05-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"name": "oval:org.mitre.oval:def:4985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985"
},
{
"name": "oval:org.mitre.oval:def:4874",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874"
},
{
"name": "oval:org.mitre.oval:def:3100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100"
},
{
"name": "TA05-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"name": "oval:org.mitre.oval:def:3752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-0553",
"datePublished": "2005-04-13T04:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-07T21:21:05.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4269
Vulnerability from cvelistv5
Published
2005-12-15 20:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.microsoft.com/kb/908233/ | vendor-advisory, x_refsource_MSKB | |
| http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "908233",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/kb/908233/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-15T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "908233",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/kb/908233/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "908233",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/908233/"
},
{
"name": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4269",
"datePublished": "2005-12-15T20:00:00Z",
"dateReserved": "2005-12-15T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:55.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0845
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2219",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
},
{
"name": "oval:org.mitre.oval:def:5150",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
},
{
"name": "ie-cache-ssl-obtain-information(17654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
},
{
"name": "oval:org.mitre.oval:def:5740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:5520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
},
{
"name": "oval:org.mitre.oval:def:3872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
},
{
"name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "VU#795720",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/795720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
},
{
"name": "oval:org.mitre.oval:def:7611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2219",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
},
{
"name": "oval:org.mitre.oval:def:5150",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
},
{
"name": "ie-cache-ssl-obtain-information(17654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
},
{
"name": "oval:org.mitre.oval:def:5740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:5520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
},
{
"name": "oval:org.mitre.oval:def:3872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
},
{
"name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "VU#795720",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/795720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
},
{
"name": "oval:org.mitre.oval:def:7611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:2219",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
},
{
"name": "oval:org.mitre.oval:def:5150",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
},
{
"name": "ie-cache-ssl-obtain-information(17654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
},
{
"name": "oval:org.mitre.oval:def:5740",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:5520",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
},
{
"name": "oval:org.mitre.oval:def:3872",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
},
{
"name": "20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "VU#795720",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/795720"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
},
{
"name": "oval:org.mitre.oval:def:7611",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0845",
"datePublished": "2004-10-16T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0113
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105718285107246&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 | vdb-entry, signature, x_refsource_OVAL | |
| http://marc.info/?l=bugtraq&m=105138417416900&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/169753 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030701 URLMON.DLL buffer overflow - technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926"
},
{
"name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2"
},
{
"name": "VU#169753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/169753"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030701 URLMON.DLL buffer overflow - technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926"
},
{
"name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2"
},
{
"name": "VU#169753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/169753"
},
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 URLMON.DLL buffer overflow - technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926"
},
{
"name": "20030426 Buffer overflow in Internet Explorer\u0027s HTTP parsing code",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2"
},
{
"name": "VU#169753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/169753"
},
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0113",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2126
Vulnerability from cvelistv5
Published
2005-10-21 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#415828",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/415828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"name": "1015036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015036"
},
{
"name": "oval:org.mitre.oval:def:1284",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284"
},
{
"name": "MS05-044",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044"
},
{
"name": "17223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17223"
},
{
"name": "oval:org.mitre.oval:def:1416",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416"
},
{
"name": "oval:org.mitre.oval:def:1146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146"
},
{
"name": "17172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html"
},
{
"name": "17163",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#415828",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/415828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"name": "1015036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015036"
},
{
"name": "oval:org.mitre.oval:def:1284",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284"
},
{
"name": "MS05-044",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044"
},
{
"name": "17223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17223"
},
{
"name": "oval:org.mitre.oval:def:1416",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416"
},
{
"name": "oval:org.mitre.oval:def:1146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146"
},
{
"name": "17172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html"
},
{
"name": "17163",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-2126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#415828",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/415828"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"name": "1015036",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015036"
},
{
"name": "oval:org.mitre.oval:def:1284",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284"
},
{
"name": "MS05-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044"
},
{
"name": "17223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17223"
},
{
"name": "oval:org.mitre.oval:def:1416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416"
},
{
"name": "oval:org.mitre.oval:def:1146",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146"
},
{
"name": "17172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17172"
},
{
"name": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html"
},
{
"name": "17163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-2126",
"datePublished": "2005-10-21T04:00:00",
"dateReserved": "2005-07-02T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1990
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "14511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14511"
},
{
"name": "oval:org.mitre.oval:def:1061",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061"
},
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:1221",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221"
},
{
"name": "TA05-221A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "oval:org.mitre.oval:def:100082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:1337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337"
},
{
"name": "1014643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014643"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "14511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14511"
},
{
"name": "oval:org.mitre.oval:def:1061",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061"
},
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:1221",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221"
},
{
"name": "TA05-221A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "oval:org.mitre.oval:def:100082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:1337",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337"
},
{
"name": "1014643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014643"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-1990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1235",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235"
},
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "14511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14511"
},
{
"name": "oval:org.mitre.oval:def:1061",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061"
},
{
"name": "16373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:1221",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221"
},
{
"name": "TA05-221A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"name": "oval:org.mitre.oval:def:100082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:1337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337"
},
{
"name": "1014643",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014643"
},
{
"name": "ADV-2005-1353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-1990",
"datePublished": "2005-08-10T04:00:00",
"dateReserved": "2005-06-17T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0531
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/9580 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cert.org/advisories/CA-2003-22.html | third-party-advisory, x_refsource_CERT | |
| http://www.lac.co.jp/security/english/snsadv_e/67_e.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12961 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | vendor-advisory, x_refsource_MS | |
| http://www.kb.cert.org/vuls/id/205148 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/8457 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9580"
},
{
"name": "CA-2003-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"name": "ie-cache-script-injection(12961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#205148",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"name": "8457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9580"
},
{
"name": "CA-2003-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"name": "ie-cache-script-injection(12961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#205148",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"name": "8457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9580"
},
{
"name": "CA-2003-22",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"name": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"name": "ie-cache-script-injection(12961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "VU#205148",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"name": "8457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0531",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-08T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1331
Vulnerability from cvelistv5
Published
2005-01-06 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/3220 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11686 | vdb-entry, x_refsource_BID | |
| http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php | x_refsource_MISC | |
| http://secunia.com/advisories/13203/ | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/743974 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3220",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3220"
},
{
"name": "ie-execommand-warning-bypass(18181)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181"
},
{
"name": "11686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php"
},
{
"name": "13203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13203/"
},
{
"name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html"
},
{
"name": "VU#743974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3220",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3220"
},
{
"name": "ie-execommand-warning-bypass(18181)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181"
},
{
"name": "11686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php"
},
{
"name": "13203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13203/"
},
{
"name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html"
},
{
"name": "VU#743974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3220",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3220"
},
{
"name": "ie-execommand-warning-bypass(18181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181"
},
{
"name": "11686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11686"
},
{
"name": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php",
"refsource": "MISC",
"url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php"
},
{
"name": "13203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13203/"
},
{
"name": "20041119 Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html"
},
{
"name": "VU#743974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1331",
"datePublished": "2005-01-06T05:00:00",
"dateReserved": "2005-01-06T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0056
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2817",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817"
},
{
"name": "oval:org.mitre.oval:def:2385",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "12427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12427"
},
{
"name": "ie-cdf-execute-code(19137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "1013126",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013126"
},
{
"name": "oval:org.mitre.oval:def:4085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085"
},
{
"name": "oval:org.mitre.oval:def:4947",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947"
},
{
"name": "VU#823971",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/823971"
},
{
"name": "oval:org.mitre.oval:def:3318",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2817",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817"
},
{
"name": "oval:org.mitre.oval:def:2385",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "12427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12427"
},
{
"name": "ie-cdf-execute-code(19137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "1013126",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013126"
},
{
"name": "oval:org.mitre.oval:def:4085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085"
},
{
"name": "oval:org.mitre.oval:def:4947",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947"
},
{
"name": "VU#823971",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/823971"
},
{
"name": "oval:org.mitre.oval:def:3318",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:2817",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817"
},
{
"name": "oval:org.mitre.oval:def:2385",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385"
},
{
"name": "MS05-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "12427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12427"
},
{
"name": "ie-cdf-execute-code(19137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"name": "1013126",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013126"
},
{
"name": "oval:org.mitre.oval:def:4085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085"
},
{
"name": "oval:org.mitre.oval:def:4947",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947"
},
{
"name": "VU#823971",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/823971"
},
{
"name": "oval:org.mitre.oval:def:3318",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0056",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-01-11T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0329
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-08 05:14
Severity ?
EPSS score ?
Summary
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS99-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS99-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS99-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0329",
"datePublished": "2000-06-02T04:00:00",
"dateReserved": "2000-05-11T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1166
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:01.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/advisories/R7-0032.jsp"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded"
},
{
"name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2"
},
{
"name": "29346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29346"
},
{
"name": "11826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11826"
},
{
"name": "web-browser-ftp-command-execution(18384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "28208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28208"
},
{
"name": "ADV-2008-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0870"
},
{
"name": "12299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12299"
},
{
"name": "oval:org.mitre.oval:def:462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462"
},
{
"name": "13404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13404"
},
{
"name": "1012444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/advisories/R7-0032.jsp"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded"
},
{
"name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2"
},
{
"name": "29346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29346"
},
{
"name": "11826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11826"
},
{
"name": "web-browser-ftp-command-execution(18384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "28208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28208"
},
{
"name": "ADV-2008-0870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0870"
},
{
"name": "12299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12299"
},
{
"name": "oval:org.mitre.oval:def:462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462"
},
{
"name": "13404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13404"
},
{
"name": "1012444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rapid7.com/advisories/R7-0032.jsp",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0032.jsp"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded"
},
{
"name": "20041207 7a69Adv#15 - Internet Explorer FTP command injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2"
},
{
"name": "29346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29346"
},
{
"name": "11826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11826"
},
{
"name": "web-browser-ftp-command-execution(18384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "28208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28208"
},
{
"name": "ADV-2008-0870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0870"
},
{
"name": "12299",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12299"
},
{
"name": "oval:org.mitre.oval:def:462",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462"
},
{
"name": "13404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13404"
},
{
"name": "1012444",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1166",
"datePublished": "2004-12-10T05:00:00",
"dateReserved": "2004-12-09T00:00:00",
"dateUpdated": "2024-08-08T00:39:01.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2576
Vulnerability from cvelistv5
Published
2009-07-22 18:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://websecurity.com.ua/3338/ | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/505120/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/505092/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/505122/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:55.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3338/"
},
{
"name": "20090725 DoS vulnerabilities in Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html"
},
{
"name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded"
},
{
"name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3338/"
},
{
"name": "20090725 DoS vulnerabilities in Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html"
},
{
"name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded"
},
{
"name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3338/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3338/"
},
{
"name": "20090725 DoS vulnerabilities in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"name": "20090725 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html"
},
{
"name": "20090720 RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded"
},
{
"name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"name": "20090720 Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2576",
"datePublished": "2009-07-22T18:00:00",
"dateReserved": "2009-07-22T00:00:00",
"dateUpdated": "2024-08-07T05:59:55.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5347
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332 | vdb-entry, signature, x_refsource_OVAL | |
| http://securitytracker.com/id?1019078 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/485268/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://secunia.com/advisories/28036 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38716 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/26427 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | vendor-advisory, x_refsource_MS | |
| http://www.vupen.com/english/advisories/2007/4184 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/485268/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://www.us-cert.gov/cas/techalerts/TA07-345A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:4332",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "ie-dhtml-object-code-execution(38716)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716"
},
{
"name": "26427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26427"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:4332",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "ie-dhtml-object-code-execution(38716)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716"
},
{
"name": "26427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26427"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:4332",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332"
},
{
"name": "1019078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28036"
},
{
"name": "ie-dhtml-object-code-execution(38716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716"
},
{
"name": "26427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26427"
},
{
"name": "MS07-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-5347",
"datePublished": "2007-12-12T00:00:00",
"dateReserved": "2007-10-10T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1028
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/7890 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=107038202225587&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13847 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=106979428718705&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.safecenter.net/UMBRELLAWEBV4/threadid10008 | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=106979624321665&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7890"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "ie-download-directory-disclosure(13847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847"
},
{
"name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008"
},
{
"name": "20031125 Invalid ContentType may disclose cache directory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7890"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "ie-download-directory-disclosure(13847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847"
},
{
"name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008"
},
{
"name": "20031125 Invalid ContentType may disclose cache directory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7890"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "ie-download-directory-disclosure(13847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847"
},
{
"name": "20031125 Note for \"Invalid ContentType may disclose cache directory\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008"
},
{
"name": "20031125 Invalid ContentType may disclose cache directory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1028",
"datePublished": "2004-01-08T05:00:00",
"dateReserved": "2004-01-07T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4446
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-07 19:14
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/21910 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/1468 | third-party-advisory, x_refsource_SREASON | |
| http://www.us-cert.gov/cas/techalerts/TA06-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/archive/1/444504/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28608 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/28841 | vdb-entry, x_refsource_OSVDB | |
| http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19 | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | vendor-advisory, x_refsource_MS | |
| http://securitytracker.com/id?1016764 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/19738 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1468",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1468"
},
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded"
},
{
"name": "ie-daxctle-dos(28608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608"
},
{
"name": "28841",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28841"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19"
},
{
"name": "oval:org.mitre.oval:def:437",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "1016764",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016764"
},
{
"name": "19738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1468",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1468"
},
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded"
},
{
"name": "ie-daxctle-dos(28608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608"
},
{
"name": "28841",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28841"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19"
},
{
"name": "oval:org.mitre.oval:def:437",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "1016764",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016764"
},
{
"name": "19738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1468",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1468"
},
{
"name": "TA06-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "20060827 [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded"
},
{
"name": "ie-daxctle-dos(28608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608"
},
{
"name": "28841",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28841"
},
{
"name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19"
},
{
"name": "oval:org.mitre.oval:def:437",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "1016764",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016764"
},
{
"name": "19738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4446",
"datePublished": "2006-08-30T01:00:00",
"dateReserved": "2006-08-29T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3902
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 14:37
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26506"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html"
},
{
"name": "oval:org.mitre.oval:def:4582",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582"
},
{
"name": "ie-uninit-object-code-execution(38713)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "26506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26506"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html"
},
{
"name": "oval:org.mitre.oval:def:4582",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582"
},
{
"name": "ie-uninit-object-code-execution(38713)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26506"
},
{
"name": "1019078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28036"
},
{
"name": "MS07-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html"
},
{
"name": "oval:org.mitre.oval:def:4582",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582"
},
{
"name": "ie-uninit-object-code-execution(38713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-3902",
"datePublished": "2007-12-12T00:00:00",
"dateReserved": "2007-07-19T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1026
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu"
},
{
"name": "oval:org.mitre.oval:def:630",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630"
},
{
"name": "VU#784102",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/784102"
},
{
"name": "oval:org.mitre.oval:def:689",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689"
},
{
"name": "oval:org.mitre.oval:def:774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:687",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687"
},
{
"name": "TA04-033A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "oval:org.mitre.oval:def:805",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805"
},
{
"name": "MS04-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:643",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643"
},
{
"name": "20031125 BackToFramedJpu - a successor of BackToJpu attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2"
},
{
"name": "ie-subframe-xss(13846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846"
},
{
"name": "oval:org.mitre.oval:def:745",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu"
},
{
"name": "oval:org.mitre.oval:def:630",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630"
},
{
"name": "VU#784102",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/784102"
},
{
"name": "oval:org.mitre.oval:def:689",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689"
},
{
"name": "oval:org.mitre.oval:def:774",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:687",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687"
},
{
"name": "TA04-033A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "oval:org.mitre.oval:def:805",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805"
},
{
"name": "MS04-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:643",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643"
},
{
"name": "20031125 BackToFramedJpu - a successor of BackToJpu attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2"
},
{
"name": "ie-subframe-xss(13846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846"
},
{
"name": "oval:org.mitre.oval:def:745",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu"
},
{
"name": "oval:org.mitre.oval:def:630",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630"
},
{
"name": "VU#784102",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/784102"
},
{
"name": "oval:org.mitre.oval:def:689",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689"
},
{
"name": "oval:org.mitre.oval:def:774",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774"
},
{
"name": "20031201 Comments on 5 IE vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:687",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687"
},
{
"name": "TA04-033A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"name": "oval:org.mitre.oval:def:805",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805"
},
{
"name": "MS04-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"name": "oval:org.mitre.oval:def:643",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643"
},
{
"name": "20031125 BackToFramedJpu - a successor of BackToJpu attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2"
},
{
"name": "ie-subframe-xss(13846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846"
},
{
"name": "oval:org.mitre.oval:def:745",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1026",
"datePublished": "2004-01-08T05:00:00",
"dateReserved": "2004-01-07T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0866
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109536612321898&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1011332 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11186 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "1011332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"name": "web-browser-session-hijack(17415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "1011332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"name": "web-browser-session-hijack(17415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "1011332",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011332"
},
{
"name": "web-browser-session-hijack(17415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"name": "11186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0866",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2004-09-14T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0768
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
EPSS score ?
Summary
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1564 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1564"
},
{
"name": "MS00-055",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1564"
},
{
"name": "MS00-055",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1564"
},
{
"name": "MS00-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0768",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0827
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:48
Severity ?
EPSS score ?
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:02:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0827",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-12-07T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0701
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/334928 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12970 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | vendor-advisory, x_refsource_MS | |
| http://marc.info/?l=bugtraq&m=106148101210479&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#334928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"name": "ie-dbcs-object-bo(12970)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#334928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"name": "ie-dbcs-object-bo(12970)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#334928",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"name": "ie-dbcs-object-bo(12970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0701",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-08-21T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0612
Vulnerability from cvelistv5
Published
2007-01-31 11:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/458443/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/32628 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31867 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/2199 | third-party-advisory, x_refsource_SREASON | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/22288 | vdb-entry, x_refsource_BID | |
| http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded"
},
{
"name": "32628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32628"
},
{
"name": "ie-activex-bgcolor-dos(31867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867"
},
{
"name": "2199",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2199"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html"
},
{
"name": "22288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded"
},
{
"name": "32628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32628"
},
{
"name": "ie-activex-bgcolor-dos(31867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867"
},
{
"name": "2199",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2199"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html"
},
{
"name": "22288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded"
},
{
"name": "32628",
"refsource": "OSVDB",
"url": "http://osvdb.org/32628"
},
{
"name": "ie-activex-bgcolor-dos(31867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867"
},
{
"name": "2199",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2199"
},
{
"name": "20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html"
},
{
"name": "22288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22288"
},
{
"name": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html",
"refsource": "MISC",
"url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0612",
"datePublished": "2007-01-31T11:00:00",
"dateReserved": "2007-01-30T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0518
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4624 | vdb-entry, x_refsource_XF | |
| http://www.cert.org/advisories/CA-2000-10.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/1309 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "ie-invalid-frame-image-certificate(4624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624"
},
{
"name": "CA-2000-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1309"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "ie-invalid-frame-image-certificate(4624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624"
},
{
"name": "CA-2000-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1309"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "ie-invalid-frame-image-certificate(4624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624"
},
{
"name": "CA-2000-10",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1309"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0518",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5805
Vulnerability from cvelistv5
Published
2006-11-08 22:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017165 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/450722/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017165"
},
{
"name": "20061103 IE7 website security certificate discrediting exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017165"
},
{
"name": "20061103 IE7 website security certificate discrediting exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017165"
},
{
"name": "20061103 IE7 website security certificate discrediting exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
},
{
"name": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5805",
"datePublished": "2006-11-08T22:00:00",
"dateReserved": "2006-11-08T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1198
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11751 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/382257 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:11.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "web-browser-array-dos(18282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
},
{
"name": "11751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11751"
},
{
"name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html"
},
{
"name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/382257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "web-browser-array-dos(18282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
},
{
"name": "11751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11751"
},
{
"name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html"
},
{
"name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/382257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "web-browser-array-dos(18282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
},
{
"name": "11751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11751"
},
{
"name": "20041125 MSIE \u0026 FIREFOX flaws: \"detailed\" advisory and comments that you probably don\u0027t want to read anyway",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html"
},
{
"name": "20041125 MSIE flaws: nested array sort() loop Stack overflow exception",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/382257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1198",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-12-14T00:00:00",
"dateUpdated": "2024-08-08T00:46:11.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5544
Vulnerability from cvelistv5
Published
2006-10-26 17:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/20728 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/449917/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/347188 | third-party-advisory, x_refsource_CERT-VN | |
| http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx | x_refsource_MISC | |
| http://securitytracker.com/id?1017122 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/22542 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/ | x_refsource_MISC | |
| http://www.osvdb.org/30022 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29827 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20728"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "VU#347188",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/347188"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx"
},
{
"name": "1017122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017122"
},
{
"name": "22542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22542"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/"
},
{
"name": "30022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30022"
},
{
"name": "ie-popup-addressbar-spoofing(29827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20728"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "VU#347188",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/347188"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx"
},
{
"name": "1017122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017122"
},
{
"name": "22542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22542"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/"
},
{
"name": "30022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30022"
},
{
"name": "ie-popup-addressbar-spoofing(29827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20728"
},
{
"name": "20061025 IE7 status: 8 days after release, 3 unfixed issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"name": "VU#347188",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/347188"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx"
},
{
"name": "1017122",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017122"
},
{
"name": "22542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22542"
},
{
"name": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/",
"refsource": "MISC",
"url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/"
},
{
"name": "30022",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30022"
},
{
"name": "ie-popup-addressbar-spoofing(29827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5544",
"datePublished": "2006-10-26T17:00:00",
"dateReserved": "2006-10-26T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1989
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790"
},
{
"name": "oval:org.mitre.oval:def:888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888"
},
{
"name": "oval:org.mitre.oval:def:1319",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319"
},
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:100081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081"
},
{
"name": "14512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14512"
},
{
"name": "oval:org.mitre.oval:def:100082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:697",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790"
},
{
"name": "oval:org.mitre.oval:def:888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888"
},
{
"name": "oval:org.mitre.oval:def:1319",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319"
},
{
"name": "16373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:100081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081"
},
{
"name": "14512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14512"
},
{
"name": "oval:org.mitre.oval:def:100082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:697",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697"
},
{
"name": "ADV-2005-1353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:790",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790"
},
{
"name": "oval:org.mitre.oval:def:888",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888"
},
{
"name": "oval:org.mitre.oval:def:1319",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319"
},
{
"name": "16373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16373/"
},
{
"name": "oval:org.mitre.oval:def:100081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081"
},
{
"name": "14512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14512"
},
{
"name": "oval:org.mitre.oval:def:100082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"name": "MS05-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"name": "oval:org.mitre.oval:def:697",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697"
},
{
"name": "ADV-2005-1353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-1989",
"datePublished": "2005-08-10T04:00:00",
"dateReserved": "2005-06-17T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2829
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "oval:org.mitre.oval:def:1340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"
},
{
"name": "oval:org.mitre.oval:def:1458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"
},
{
"name": "oval:org.mitre.oval:def:1209",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"
},
{
"name": "15823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15823"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1507",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"
},
{
"name": "1015349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015349"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "oval:org.mitre.oval:def:1490",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "ie-dialog-box-code-execution(23448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"
},
{
"name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-21/advisory"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"name": "oval:org.mitre.oval:def:1505",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"
},
{
"name": "254",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "oval:org.mitre.oval:def:1340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"
},
{
"name": "oval:org.mitre.oval:def:1458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"
},
{
"name": "oval:org.mitre.oval:def:1209",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"
},
{
"name": "15823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15823"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1507",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"
},
{
"name": "1015349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015349"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "oval:org.mitre.oval:def:1490",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "ie-dialog-box-code-execution(23448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"
},
{
"name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-21/advisory"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"name": "oval:org.mitre.oval:def:1505",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"
},
{
"name": "254",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18064"
},
{
"name": "oval:org.mitre.oval:def:1340",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"
},
{
"name": "oval:org.mitre.oval:def:1458",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"
},
{
"name": "oval:org.mitre.oval:def:1209",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"
},
{
"name": "15823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15823"
},
{
"name": "MS05-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "20051213 Secunia Research: Internet Explorer Suppressed \"Download Dialog\"Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "http://secunia.com/secunia_research/2005-7/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-7/advisory/"
},
{
"name": "oval:org.mitre.oval:def:1507",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"
},
{
"name": "1015349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015349"
},
{
"name": "18311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18311"
},
{
"name": "oval:org.mitre.oval:def:1490",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"
},
{
"name": "ADV-2005-2867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "ie-dialog-box-code-execution(23448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"
},
{
"name": "20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2"
},
{
"name": "http://secunia.com/secunia_research/2005-21/advisory",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-21/advisory"
},
{
"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420",
"refsource": "MISC",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"name": "oval:org.mitre.oval:def:1505",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"
},
{
"name": "254",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-2829",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-09-07T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0110
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=110569119106172&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050114 Internet Explorer (SP2) - Remote File Download",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050114 Internet Explorer (SP2) - Remote File Download",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050114 Internet Explorer (SP2) - Remote File Download",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0110",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0667
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
EPSS score ?
Summary
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/952611 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 | vendor-advisory, x_refsource_MS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7260 | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/m-024.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#952611",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/952611"
},
{
"name": "MS01-051",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
},
{
"name": "ie-telnet-command-execution-variant(7260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7260"
},
{
"name": "M-024",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/m-024.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#952611",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/952611"
},
{
"name": "MS01-051",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
},
{
"name": "ie-telnet-command-execution-variant(7260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7260"
},
{
"name": "M-024",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/m-024.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#952611",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/952611"
},
{
"name": "MS01-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
},
{
"name": "ie-telnet-command-execution-variant(7260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7260"
},
{
"name": "M-024",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-024.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0667",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-15T00:00:00",
"dateUpdated": "2024-08-08T04:30:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1686
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109539520310153&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20617 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11200 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040915 IE6 + XP SP2 Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2"
},
{
"name": "ie-information-bar-bypass(20617)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617"
},
{
"name": "11200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040915 IE6 + XP SP2 Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2"
},
{
"name": "ie-information-bar-bypass(20617)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617"
},
{
"name": "11200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040915 IE6 + XP SP2 Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2"
},
{
"name": "ie-information-bar-bypass(20617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617"
},
{
"name": "11200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1686",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:36.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1061
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5127 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:36.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "java-vm-applet(5127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
},
{
"name": "MS00-075",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "java-vm-applet(5127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
},
{
"name": "MS00-075",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "java-vm-applet(5127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
},
{
"name": "MS00-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1061",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:36.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0665
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
EPSS score ?
Summary
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3421 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7259 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/1972 | vdb-entry, x_refsource_OSVDB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3421"
},
{
"name": "ie-url-http-requests(7259)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
},
{
"name": "1972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1972"
},
{
"name": "MS01-051",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3421"
},
{
"name": "ie-url-http-requests(7259)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
},
{
"name": "1972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1972"
},
{
"name": "MS01-051",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3421"
},
{
"name": "ie-url-http-requests(7259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
},
{
"name": "1972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1972"
},
{
"name": "MS01-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0665",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-15T00:00:00",
"dateUpdated": "2024-08-08T04:30:06.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1527
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/13208 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=110053968530613&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/11680 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"name": "ie-path-cookie-overwrite(18073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
},
{
"name": "13208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13208"
},
{
"name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2"
},
{
"name": "11680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"name": "ie-path-cookie-overwrite(18073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
},
{
"name": "13208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13208"
},
{
"name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2"
},
{
"name": "11680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"name": "ie-path-cookie-overwrite(18073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
},
{
"name": "13208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13208"
},
{
"name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2"
},
{
"name": "11680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1527",
"datePublished": "2005-02-19T05:00:00",
"dateReserved": "2005-02-18T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3657
Vulnerability from cvelistv5
Published
2006-07-17 19:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/27109 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27762 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/19029 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/2832 | vdb-entry, x_refsource_VUPEN | |
| http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27109"
},
{
"name": "ie-dximagetransform-dos(27762)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
},
{
"name": "19029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19029"
},
{
"name": "ADV-2006-2832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27109"
},
{
"name": "ie-dximagetransform-dos(27762)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
},
{
"name": "19029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19029"
},
{
"name": "ADV-2006-2832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27109",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27109"
},
{
"name": "ie-dximagetransform-dos(27762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
},
{
"name": "19029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19029"
},
{
"name": "ADV-2006-2832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3657",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1186
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/5610 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10039.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/7845 | vdb-entry, x_refsource_OSVDB | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495 | vdb-entry, signature, x_refsource_OVAL | |
| http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html | mailing-list, x_refsource_BUGTRAQ | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "5610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5610"
},
{
"name": "20020903 MSIEv6 % encoding causes a problem again",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
},
{
"name": "ie-sameoriginpolicy-bypass(10039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10039.php"
},
{
"name": "7845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7845"
},
{
"name": "oval:org.mitre.oval:def:495",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
},
{
"name": "20020904 Re: MSIEv6 % encoding causes a problem again",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"name": "oval:org.mitre.oval:def:471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"name": "oval:org.mitre.oval:def:143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS02-066",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "5610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5610"
},
{
"name": "20020903 MSIEv6 % encoding causes a problem again",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
},
{
"name": "ie-sameoriginpolicy-bypass(10039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10039.php"
},
{
"name": "7845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7845"
},
{
"name": "oval:org.mitre.oval:def:495",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
},
{
"name": "20020904 Re: MSIEv6 % encoding causes a problem again",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"name": "oval:org.mitre.oval:def:471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"name": "oval:org.mitre.oval:def:143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS02-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "5610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5610"
},
{
"name": "20020903 MSIEv6 % encoding causes a problem again",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
},
{
"name": "ie-sameoriginpolicy-bypass(10039)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10039.php"
},
{
"name": "7845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7845"
},
{
"name": "oval:org.mitre.oval:def:495",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
},
{
"name": "20020904 Re: MSIEv6 % encoding causes a problem again",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"name": "oval:org.mitre.oval:def:471",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"name": "oval:org.mitre.oval:def:143",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1186",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-10-04T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0344
Vulnerability from cvelistv5
Published
2003-06-06 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105476381609135&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/8943 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922 | vdb-entry, signature, x_refsource_OVAL | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html | mailing-list, x_refsource_FULLDISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 | vendor-advisory, x_refsource_MS | |
| http://www.eeye.com/html/Research/Advisories/AD20030604.html | third-party-advisory, x_refsource_EEYE | |
| http://www.kb.cert.org/vuls/id/679556 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030604 Internet Explorer Object Type Property Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"name": "8943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8943"
},
{
"name": "oval:org.mitre.oval:def:922",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
},
{
"name": "20030709 IE Object Type Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
},
{
"name": "MS03-020",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"name": "AD20030604",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
},
{
"name": "VU#679556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/679556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030604 Internet Explorer Object Type Property Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"name": "8943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8943"
},
{
"name": "oval:org.mitre.oval:def:922",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
},
{
"name": "20030709 IE Object Type Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
},
{
"name": "MS03-020",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"name": "AD20030604",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
},
{
"name": "VU#679556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/679556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030604 Internet Explorer Object Type Property Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"name": "8943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8943"
},
{
"name": "oval:org.mitre.oval:def:922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
},
{
"name": "20030709 IE Object Type Overflow Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
},
{
"name": "MS03-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"name": "AD20030604",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
},
{
"name": "VU#679556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/679556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0344",
"datePublished": "2003-06-06T04:00:00",
"dateReserved": "2003-05-28T00:00:00",
"dateUpdated": "2024-08-08T01:50:47.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2057
Vulnerability from cvelistv5
Published
2009-06-15 19:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | x_refsource_MISC | |
| http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2057",
"datePublished": "2009-06-15T19:00:00Z",
"dateReserved": "2009-06-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:11:07.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0544
Vulnerability from cvelistv5
Published
2006-02-04 02:00
Modified
2024-09-17 01:40
Severity ?
EPSS score ?
Summary
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.security-protocols.com/advisory/sp-x23-advisory.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/16463 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt"
},
{
"name": "16463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-04T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt"
},
{
"name": "16463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt",
"refsource": "MISC",
"url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt"
},
{
"name": "16463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0544",
"datePublished": "2006-02-04T02:00:00Z",
"dateReserved": "2006-02-04T00:00:00Z",
"dateUpdated": "2024-09-17T01:40:37.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0532
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/865940 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 | vendor-advisory, x_refsource_MS | |
| http://www.eeye.com/html/Research/Advisories/AD20030820.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html | mailing-list, x_refsource_VULNWATCH | |
| http://marc.info/?l=bugtraq&m=106149026621753&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#865940",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#865940",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"name": "MS03-032",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#865940",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "http://www.eeye.com/html/Research/Advisories/AD20030820.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html"
},
{
"name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0532",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-08T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4193
Vulnerability from cvelistv5
Published
2006-08-17 01:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-msoe-dos(28439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439"
},
{
"name": "29347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8"
},
{
"name": "29345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29345"
},
{
"name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded"
},
{
"name": "1402",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1402"
},
{
"name": "19530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19530"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10"
},
{
"name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded"
},
{
"name": "19521",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19521"
},
{
"name": "ie-imskdic-dos(28436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436"
},
{
"name": "19529",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9"
},
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29346"
},
{
"name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded"
},
{
"name": "ie-chtskdic-dos(28438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-msoe-dos(28439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439"
},
{
"name": "29347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8"
},
{
"name": "29345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29345"
},
{
"name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded"
},
{
"name": "1402",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1402"
},
{
"name": "19530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19530"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10"
},
{
"name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded"
},
{
"name": "19521",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19521"
},
{
"name": "ie-imskdic-dos(28436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436"
},
{
"name": "19529",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9"
},
{
"name": "29346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29346"
},
{
"name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded"
},
{
"name": "ie-chtskdic-dos(28438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-msoe-dos(28439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439"
},
{
"name": "29347",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29347"
},
{
"name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8"
},
{
"name": "29345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29345"
},
{
"name": "20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded"
},
{
"name": "1402",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1402"
},
{
"name": "19530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19530"
},
{
"name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10"
},
{
"name": "20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded"
},
{
"name": "19521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19521"
},
{
"name": "ie-imskdic-dos(28436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436"
},
{
"name": "19529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19529"
},
{
"name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9"
},
{
"name": "29346",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29346"
},
{
"name": "20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded"
},
{
"name": "ie-chtskdic-dos(28438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4193",
"datePublished": "2006-08-17T01:00:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1326
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/6779 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.iss.net/security_center/static/11258.php | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/n-038.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6779"
},
{
"name": "oval:org.mitre.oval:def:126",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
},
{
"name": "ie-dialog-zone-bypass(11258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11258.php"
},
{
"name": "N-038",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "oval:org.mitre.oval:def:49",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
},
{
"name": "oval:org.mitre.oval:def:178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"name": "MS03-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6779"
},
{
"name": "oval:org.mitre.oval:def:126",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
},
{
"name": "ie-dialog-zone-bypass(11258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11258.php"
},
{
"name": "N-038",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "oval:org.mitre.oval:def:49",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
},
{
"name": "oval:org.mitre.oval:def:178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"name": "MS03-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6779"
},
{
"name": "oval:org.mitre.oval:def:126",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
},
{
"name": "ie-dialog-zone-bypass(11258)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11258.php"
},
{
"name": "N-038",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "oval:org.mitre.oval:def:49",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
},
{
"name": "oval:org.mitre.oval:def:178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"name": "MS03-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1326",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-06T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0076
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=120361015026386&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=120361015026386&w=2 | vendor-advisory, x_refsource_HP | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA08-043C.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2008/0512/references | vdb-entry, x_refsource_VUPEN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/28903 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/27668 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019379 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5487",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28903"
},
{
"name": "27668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27668"
},
{
"name": "1019379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5487",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28903"
},
{
"name": "27668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27668"
},
{
"name": "1019379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:5487",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28903"
},
{
"name": "27668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27668"
},
{
"name": "1019379",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0076",
"datePublished": "2008-02-12T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0867
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109536612321898&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/12580/ | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1011331 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 | vdb-entry, x_refsource_XF | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=252342 | x_refsource_CONFIRM | |
| http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/11186 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "12580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12580/"
},
{
"name": "1011331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011331"
},
{
"name": "web-browser-session-hijack(17415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "12580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12580/"
},
{
"name": "1011331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011331"
},
{
"name": "web-browser-session-hijack(17415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"name": "11186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"name": "12580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12580/"
},
{
"name": "1011331",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011331"
},
{
"name": "web-browser-session-hijack(17415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
},
{
"name": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html",
"refsource": "MISC",
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"name": "11186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0867",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-14T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0815
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "O-021",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-021.shtml"
},
{
"name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html"
},
{
"name": "oval:org.mitre.oval:def:351",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351"
},
{
"name": "ie-pointer-zone-bypass(13676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676"
},
{
"name": "oval:org.mitre.oval:def:472",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472"
},
{
"name": "7889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7889"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:353",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353"
},
{
"name": "oval:org.mitre.oval:def:359",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359"
},
{
"name": "20030910 MSIE-\u003eFindeath: break caller-based authorization",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:356",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356"
},
{
"name": "9014",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357"
},
{
"name": "oval:org.mitre.oval:def:352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352"
},
{
"name": "7888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7888"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "O-021",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-021.shtml"
},
{
"name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html"
},
{
"name": "oval:org.mitre.oval:def:351",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351"
},
{
"name": "ie-pointer-zone-bypass(13676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676"
},
{
"name": "oval:org.mitre.oval:def:472",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472"
},
{
"name": "7889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7889"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:353",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353"
},
{
"name": "oval:org.mitre.oval:def:359",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359"
},
{
"name": "20030910 MSIE-\u003eFindeath: break caller-based authorization",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:356",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356"
},
{
"name": "9014",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357"
},
{
"name": "oval:org.mitre.oval:def:352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352"
},
{
"name": "7888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7888"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "O-021",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-021.shtml"
},
{
"name": "20030910 MSIE-\u003eLinkillerJPU:another caller-based authorization(is broken).",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2"
},
{
"name": "20030910 MSIE-\u003eLinkillerSaveRef:another caller-based authorization",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html"
},
{
"name": "oval:org.mitre.oval:def:351",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351"
},
{
"name": "ie-pointer-zone-bypass(13676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676"
},
{
"name": "oval:org.mitre.oval:def:472",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472"
},
{
"name": "7889",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7889"
},
{
"name": "MS03-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "1007687",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007687"
},
{
"name": "20030911 LiuDieYu\u0027s missing files are here.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:353",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353"
},
{
"name": "oval:org.mitre.oval:def:359",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359"
},
{
"name": "20030910 MSIE-\u003eFindeath: break caller-based authorization",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:356",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356"
},
{
"name": "9014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9014"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM"
},
{
"name": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM",
"refsource": "MISC",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM"
},
{
"name": "oval:org.mitre.oval:def:357",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357"
},
{
"name": "oval:org.mitre.oval:def:352",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352"
},
{
"name": "7888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7888"
},
{
"name": "10192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0815",
"datePublished": "2004-01-14T05:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1484
Vulnerability from cvelistv5
Published
2007-10-24 23:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11946 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/320544 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/7502 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3292 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-anchorclick-dos(11946)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946"
},
{
"name": "20030505 Crash in Internet Explorer 6.0 Sp1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/320544"
},
{
"name": "7502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7502"
},
{
"name": "3292",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-anchorclick-dos(11946)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946"
},
{
"name": "20030505 Crash in Internet Explorer 6.0 Sp1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/320544"
},
{
"name": "7502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7502"
},
{
"name": "3292",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-anchorclick-dos(11946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946"
},
{
"name": "20030505 Crash in Internet Explorer 6.0 Sp1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/320544"
},
{
"name": "7502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7502"
},
{
"name": "3292",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1484",
"datePublished": "2007-10-24T23:00:00",
"dateReserved": "2007-10-24T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0841
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#413886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#413886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"name": "1010679",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010679"
},
{
"name": "oval:org.mitre.oval:def:2611",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:8077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"name": "12048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12048"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "oval:org.mitre.oval:def:4363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"name": "10690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10690"
},
{
"name": "7774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7774"
},
{
"name": "oval:org.mitre.oval:def:5620",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"name": "oval:org.mitre.oval:def:6031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"name": "20040711 HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"name": "oval:org.mitre.oval:def:6048",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"name": "20040712 Re: HijackClick 3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"name": "20040712 Brand New Hole: Internet Explorer: HijackClick 3",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0841",
"datePublished": "2004-09-14T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1714
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
References
| ▼ | URL | Tags |
|---|---|---|
| http://online.securityfocus.com/archive/1/268776 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4564 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8904 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:56.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/268776"
},
{
"name": "4564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4564"
},
{
"name": "ie-object-directive-dos(8904)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/268776"
},
{
"name": "4564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4564"
},
{
"name": "ie-object-directive-dos(8904)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020420 DoS in Multiple IE Versions (Self-Referenced Directives)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268776"
},
{
"name": "4564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4564"
},
{
"name": "ie-object-directive-dos(8904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1714",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T03:34:56.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2382
Vulnerability from cvelistv5
Published
2011-06-03 17:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.informationweek.com/news/security/vulnerabilities/229700031 | x_refsource_MISC | |
| http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 | x_refsource_MISC | |
| http://news.cnet.com/8301-1009_3-20066419-83.html | x_refsource_MISC | |
| http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/ | x_refsource_MISC | |
| http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/ | x_refsource_MISC | |
| http://www.youtube.com/watch?v=VsSkcnIFCxM | x_refsource_MISC | |
| http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt | x_refsource_MISC | |
| http://www.networkworld.com/community/node/74259 | x_refsource_MISC | |
| http://www.youtube.com/watch?v=V95CX-3JpK0 | x_refsource_MISC | |
| https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/community/node/74259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-03T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/community/node/74259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.informationweek.com/news/security/vulnerabilities/229700031",
"refsource": "MISC",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388",
"refsource": "MISC",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"name": "http://news.cnet.com/8301-1009_3-20066419-83.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/",
"refsource": "MISC",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"name": "http://www.youtube.com/watch?v=VsSkcnIFCxM",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt",
"refsource": "MISC",
"url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt"
},
{
"name": "http://www.networkworld.com/community/node/74259",
"refsource": "MISC",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"name": "http://www.youtube.com/watch?v=V95CX-3JpK0",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt",
"refsource": "MISC",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2382",
"datePublished": "2011-06-03T17:00:00Z",
"dateReserved": "2011-06-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:41:25.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1114
Vulnerability from cvelistv5
Published
2007-02-26 23:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/22701 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24314 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/461076/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.hardened-php.net/advisory_032007.142.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/0744 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/32119 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22701",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22701"
},
{
"name": "24314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24314"
},
{
"name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"name": "ADV-2007-0744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0744"
},
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22701",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22701"
},
{
"name": "24314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24314"
},
{
"name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"name": "ADV-2007-0744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0744"
},
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22701"
},
{
"name": "24314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24314"
},
{
"name": "20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"name": "http://www.hardened-php.net/advisory_032007.142.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"name": "ADV-2007-0744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0744"
},
{
"name": "32119",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1114",
"datePublished": "2007-02-26T23:00:00",
"dateReserved": "2007-02-26T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0036
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082 | vendor-advisory, x_refsource_MSKB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Q249082",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082"
},
{
"name": "MS99-060",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "Q249082",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082"
},
{
"name": "MS99-060",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q249082",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082"
},
{
"name": "MS99-060",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0036",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "2000-01-11T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0356
Vulnerability from cvelistv5
Published
2007-01-19 01:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/22092 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/3142 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31549 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22092"
},
{
"name": "3142",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3142"
},
{
"name": "ie-ccrp-dos(31549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22092"
},
{
"name": "3142",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3142"
},
{
"name": "ie-ccrp-dos(31549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22092"
},
{
"name": "3142",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3142"
},
{
"name": "ie-ccrp-dos(31549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0356",
"datePublished": "2007-01-19T01:00:00",
"dateReserved": "2007-01-18T00:00:00",
"dateUpdated": "2024-08-07T12:12:18.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0753
Vulnerability from cvelistv5
Published
2006-02-18 02:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24846 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/424959/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/23307 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:55.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-windowstatus-dos(24846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
},
{
"name": "20060214 memory leak in IE?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"name": "23307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-windowstatus-dos(24846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
},
{
"name": "20060214 memory leak in IE?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"name": "23307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23307"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-windowstatus-dos(24846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
},
{
"name": "20060214 memory leak in IE?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"name": "23307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23307"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0753",
"datePublished": "2006-02-18T02:00:00",
"dateReserved": "2006-02-18T00:00:00",
"dateUpdated": "2024-08-07T16:48:55.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1142
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2730",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
},
{
"name": "20021120 Foundstone Advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
},
{
"name": "6214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6214"
},
{
"name": "mdac-rds-client-bo(10669)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
},
{
"name": "VU#542081",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/542081"
},
{
"name": "MS02-065",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
},
{
"name": "oval:org.mitre.oval:def:3573",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
},
{
"name": "CA-2002-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"name": "mdac-rds-server-bo(10659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"name": "oval:org.mitre.oval:def:294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:2730",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
},
{
"name": "20021120 Foundstone Advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
},
{
"name": "6214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6214"
},
{
"name": "mdac-rds-client-bo(10669)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
},
{
"name": "VU#542081",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/542081"
},
{
"name": "MS02-065",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
},
{
"name": "oval:org.mitre.oval:def:3573",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
},
{
"name": "CA-2002-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"name": "mdac-rds-server-bo(10659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"name": "oval:org.mitre.oval:def:294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:2730",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
},
{
"name": "20021120 Foundstone Advisory",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
},
{
"name": "6214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6214"
},
{
"name": "mdac-rds-client-bo(10669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
},
{
"name": "VU#542081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/542081"
},
{
"name": "MS02-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
},
{
"name": "oval:org.mitre.oval:def:3573",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
},
{
"name": "CA-2002-33",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"name": "mdac-rds-server-bo(10659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"name": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337",
"refsource": "MISC",
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"name": "oval:org.mitre.oval:def:294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1142",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1048
Vulnerability from cvelistv5
Published
2004-07-21 04:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#685364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/685364"
},
{
"name": "ie-mshtml-gif-bo(16804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16804"
},
{
"name": "20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html"
},
{
"name": "oval:org.mitre.oval:def:509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509"
},
{
"name": "oval:org.mitre.oval:def:236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236"
},
{
"name": "8530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8530"
},
{
"name": "20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html"
},
{
"name": "oval:org.mitre.oval:def:1793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793"
},
{
"name": "oval:org.mitre.oval:def:206",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206"
},
{
"name": "MS04-025",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025"
},
{
"name": "20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html"
},
{
"name": "TA04-212A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-212A.html"
},
{
"name": "oval:org.mitre.oval:def:517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517"
},
{
"name": "oval:org.mitre.oval:def:2100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100"
},
{
"name": "oval:org.mitre.oval:def:212",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212"
},
{
"name": "O-191",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-191.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#685364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/685364"
},
{
"name": "ie-mshtml-gif-bo(16804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16804"
},
{
"name": "20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html"
},
{
"name": "oval:org.mitre.oval:def:509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509"
},
{
"name": "oval:org.mitre.oval:def:236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236"
},
{
"name": "8530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8530"
},
{
"name": "20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html"
},
{
"name": "oval:org.mitre.oval:def:1793",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793"
},
{
"name": "oval:org.mitre.oval:def:206",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206"
},
{
"name": "MS04-025",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025"
},
{
"name": "20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html"
},
{
"name": "TA04-212A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-212A.html"
},
{
"name": "oval:org.mitre.oval:def:517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517"
},
{
"name": "oval:org.mitre.oval:def:2100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100"
},
{
"name": "oval:org.mitre.oval:def:212",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212"
},
{
"name": "O-191",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-191.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#685364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/685364"
},
{
"name": "ie-mshtml-gif-bo(16804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16804"
},
{
"name": "20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html"
},
{
"name": "oval:org.mitre.oval:def:509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509"
},
{
"name": "oval:org.mitre.oval:def:236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236"
},
{
"name": "8530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8530"
},
{
"name": "20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html"
},
{
"name": "oval:org.mitre.oval:def:1793",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793"
},
{
"name": "oval:org.mitre.oval:def:206",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206"
},
{
"name": "MS04-025",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025"
},
{
"name": "20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html"
},
{
"name": "TA04-212A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-212A.html"
},
{
"name": "oval:org.mitre.oval:def:517",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517"
},
{
"name": "oval:org.mitre.oval:def:2100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100"
},
{
"name": "oval:org.mitre.oval:def:212",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212"
},
{
"name": "O-191",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-191.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1048",
"datePublished": "2004-07-21T04:00:00",
"dateReserved": "2004-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3637
Vulnerability from cvelistv5
Published
2006-08-08 23:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/27853 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1016663 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/21396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/3212 | vdb-entry, x_refsource_VUPEN | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/340060 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27853"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#340060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"name": "oval:org.mitre.oval:def:502",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "27853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27853"
},
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#340060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"name": "oval:org.mitre.oval:def:502",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27853"
},
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#340060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"name": "oval:org.mitre.oval:def:502",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3637",
"datePublished": "2006-08-08T23:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4301
Vulnerability from cvelistv5
Published
2006-08-23 01:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/29524 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/1439 | third-party-advisory, x_refsource_SREASON | |
| http://xsec.org/index.php?module=releases&act=view&type=1&id=17 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/443907/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.exploit-db.com/exploits/4251 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/19640 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/29525 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28516 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29524"
},
{
"name": "1439",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1439"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17"
},
{
"name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded"
},
{
"name": "4251",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4251"
},
{
"name": "19640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19640"
},
{
"name": "29525",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29525"
},
{
"name": "ie-com-color-dos(28516)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29524"
},
{
"name": "1439",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1439"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17"
},
{
"name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded"
},
{
"name": "4251",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4251"
},
{
"name": "19640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19640"
},
{
"name": "29525",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29525"
},
{
"name": "ie-com-color-dos(28516)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29524",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29524"
},
{
"name": "1439",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1439"
},
{
"name": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17",
"refsource": "MISC",
"url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17"
},
{
"name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded"
},
{
"name": "4251",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4251"
},
{
"name": "19640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19640"
},
{
"name": "29525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29525"
},
{
"name": "ie-com-color-dos(28516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4301",
"datePublished": "2006-08-23T01:00:00",
"dateReserved": "2006-08-22T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3869
Vulnerability from cvelistv5
Published
2006-08-23 01:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-url-compression-bo(28893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "19667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19667"
},
{
"name": "1016731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016731"
},
{
"name": "28132",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/923762.mspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.microsoft.com/kb/923762/"
},
{
"name": "21557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21557"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0608.htm"
},
{
"name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded"
},
{
"name": "VU#821156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/821156"
},
{
"name": "ADV-2006-3356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3356"
},
{
"name": "1441",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1441"
},
{
"name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded"
},
{
"name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded"
},
{
"name": "ie-long-url-bo(28522)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ie-url-compression-bo(28893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "19667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19667"
},
{
"name": "1016731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016731"
},
{
"name": "28132",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/923762.mspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.microsoft.com/kb/923762/"
},
{
"name": "21557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21557"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0608.htm"
},
{
"name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded"
},
{
"name": "VU#821156",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/821156"
},
{
"name": "ADV-2006-3356",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3356"
},
{
"name": "1441",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1441"
},
{
"name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded"
},
{
"name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded"
},
{
"name": "ie-long-url-bo(28522)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-url-compression-bo(28893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"name": "19667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19667"
},
{
"name": "1016731",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016731"
},
{
"name": "28132",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28132"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/923762.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/923762.mspx"
},
{
"name": "http://support.microsoft.com/kb/923762/",
"refsource": "CONFIRM",
"url": "http://support.microsoft.com/kb/923762/"
},
{
"name": "21557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21557"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0608.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0608.htm"
},
{
"name": "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded"
},
{
"name": "VU#821156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/821156"
},
{
"name": "ADV-2006-3356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3356"
},
{
"name": "1441",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1441"
},
{
"name": "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded"
},
{
"name": "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer \u0027Crash\u0027 is Exploitable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded"
},
{
"name": "ie-long-url-bo(28522)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3869",
"datePublished": "2006-08-23T01:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0817
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:508",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508"
},
{
"name": "oval:org.mitre.oval:def:543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543"
},
{
"name": "oval:org.mitre.oval:def:548",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548"
},
{
"name": "oval:org.mitre.oval:def:520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556"
},
{
"name": "9012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9012"
},
{
"name": "oval:org.mitre.oval:def:549",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549"
},
{
"name": "oval:org.mitre.oval:def:566",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:508",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508"
},
{
"name": "oval:org.mitre.oval:def:543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543"
},
{
"name": "oval:org.mitre.oval:def:548",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548"
},
{
"name": "oval:org.mitre.oval:def:520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520"
},
{
"name": "MS03-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556"
},
{
"name": "9012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9012"
},
{
"name": "oval:org.mitre.oval:def:549",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549"
},
{
"name": "oval:org.mitre.oval:def:566",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566"
},
{
"name": "10192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:508",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508"
},
{
"name": "oval:org.mitre.oval:def:543",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543"
},
{
"name": "oval:org.mitre.oval:def:548",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548"
},
{
"name": "oval:org.mitre.oval:def:520",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520"
},
{
"name": "MS03-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"name": "oval:org.mitre.oval:def:556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556"
},
{
"name": "9012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9012"
},
{
"name": "oval:org.mitre.oval:def:549",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549"
},
{
"name": "oval:org.mitre.oval:def:566",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566"
},
{
"name": "10192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0817",
"datePublished": "2004-01-14T05:00:00",
"dateReserved": "2003-09-18T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0842
Vulnerability from cvelistv5
Published
2004-09-14 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "http://www.securiteam.com/exploits/5NP042KF5A.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"name": "VU#291304",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"name": "oval:org.mitre.oval:def:2906",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"name": "20040723 Crash IE with 11 bytes ;)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"name": "http://www.ecqurity.com/adv/IEstyle.html",
"refsource": "MISC",
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"name": "oval:org.mitre.oval:def:5592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"name": "ie-popupshow-perform-actions(16675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "20040728 Re: Crash IE with 11 bytes ;)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"name": "12806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12806"
},
{
"name": "P-006",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"name": "10816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10816"
},
{
"name": "oval:org.mitre.oval:def:6579",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"name": "oval:org.mitre.oval:def:3372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0842",
"datePublished": "2004-09-14T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0233
Vulnerability from cvelistv5
Published
2003-05-02 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 | vendor-advisory, x_refsource_MS | |
| http://marc.info/?l=bugtraq&m=105120164927952&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/11854.php | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2"
},
{
"name": "ie-plugin-load-bo(11854)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11854.php"
},
{
"name": "oval:org.mitre.oval:def:1094",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS03-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2"
},
{
"name": "ie-plugin-load-bo(11854)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11854.php"
},
{
"name": "oval:org.mitre.oval:def:1094",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2"
},
{
"name": "ie-plugin-load-bo(11854)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11854.php"
},
{
"name": "oval:org.mitre.oval:def:1094",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0233",
"datePublished": "2003-05-02T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2291
Vulnerability from cvelistv5
Published
2005-08-04 04:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9335 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/348688 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9335"
},
{
"name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/348688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-04T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9335"
},
{
"name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/348688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9335"
},
{
"name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/348688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2291",
"datePublished": "2005-08-04T04:00:00Z",
"dateReserved": "2005-08-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:08.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1499
Vulnerability from cvelistv5
Published
2007-03-17 10:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22966"
},
{
"name": "2448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2448"
},
{
"name": "35352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35352"
},
{
"name": "ADV-2007-0946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0946"
},
{
"name": "oval:org.mitre.oval:def:1715",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
},
{
"name": "25627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "ie-navcancl-xss(33026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
},
{
"name": "1018235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018235"
},
{
"name": "24535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24535"
},
{
"name": "ADV-2007-2153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.com.com/2100-1002_3-6167410.html"
},
{
"name": "20070315 Re: Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
},
{
"name": "20070315 RE: Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
},
{
"name": "MS07-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"name": "20070314 Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22966"
},
{
"name": "2448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2448"
},
{
"name": "35352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35352"
},
{
"name": "ADV-2007-0946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0946"
},
{
"name": "oval:org.mitre.oval:def:1715",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
},
{
"name": "25627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "ie-navcancl-xss(33026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
},
{
"name": "1018235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018235"
},
{
"name": "24535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24535"
},
{
"name": "ADV-2007-2153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.com.com/2100-1002_3-6167410.html"
},
{
"name": "20070315 Re: Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
},
{
"name": "20070315 RE: Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
},
{
"name": "MS07-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"name": "20070314 Phishing using IE7 local resource vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22966"
},
{
"name": "2448",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2448"
},
{
"name": "35352",
"refsource": "OSVDB",
"url": "http://osvdb.org/35352"
},
{
"name": "ADV-2007-0946",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0946"
},
{
"name": "oval:org.mitre.oval:def:1715",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
},
{
"name": "25627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25627"
},
{
"name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "ie-navcancl-xss(33026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
},
{
"name": "1018235",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018235"
},
{
"name": "24535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24535"
},
{
"name": "ADV-2007-2153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "http://news.com.com/2100-1002_3-6167410.html",
"refsource": "MISC",
"url": "http://news.com.com/2100-1002_3-6167410.html"
},
{
"name": "20070315 Re: Phishing using IE7 local resource vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
},
{
"name": "20070315 RE: Phishing using IE7 local resource vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
},
{
"name": "MS07-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"name": "20070314 Phishing using IE7 local resource vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1499",
"datePublished": "2007-03-17T10:00:00",
"dateReserved": "2007-03-17T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2378
Vulnerability from cvelistv5
Published
2006-06-13 19:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "win-art-image-bo(26809)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809"
},
{
"name": "oval:org.mitre.oval:def:1640",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640"
},
{
"name": "26432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26432"
},
{
"name": "oval:org.mitre.oval:def:1756",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756"
},
{
"name": "oval:org.mitre.oval:def:1668",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668"
},
{
"name": "TA06-164A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
},
{
"name": "20605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20605"
},
{
"name": "MS06-022",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022"
},
{
"name": "VU#923236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/923236"
},
{
"name": "18394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18394"
},
{
"name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407"
},
{
"name": "ADV-2006-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2320"
},
{
"name": "oval:org.mitre.oval:def:1866",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866"
},
{
"name": "1016292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016292"
},
{
"name": "oval:org.mitre.oval:def:1590",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "win-art-image-bo(26809)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809"
},
{
"name": "oval:org.mitre.oval:def:1640",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640"
},
{
"name": "26432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26432"
},
{
"name": "oval:org.mitre.oval:def:1756",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756"
},
{
"name": "oval:org.mitre.oval:def:1668",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668"
},
{
"name": "TA06-164A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
},
{
"name": "20605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20605"
},
{
"name": "MS06-022",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022"
},
{
"name": "VU#923236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/923236"
},
{
"name": "18394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18394"
},
{
"name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407"
},
{
"name": "ADV-2006-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2320"
},
{
"name": "oval:org.mitre.oval:def:1866",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866"
},
{
"name": "1016292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016292"
},
{
"name": "oval:org.mitre.oval:def:1590",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-art-image-bo(26809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809"
},
{
"name": "oval:org.mitre.oval:def:1640",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640"
},
{
"name": "26432",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26432"
},
{
"name": "oval:org.mitre.oval:def:1756",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756"
},
{
"name": "oval:org.mitre.oval:def:1668",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668"
},
{
"name": "TA06-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
},
{
"name": "20605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20605"
},
{
"name": "MS06-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022"
},
{
"name": "VU#923236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923236"
},
{
"name": "18394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18394"
},
{
"name": "20060613 Microsoft Internet Explorer ART File Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407"
},
{
"name": "ADV-2006-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2320"
},
{
"name": "oval:org.mitre.oval:def:1866",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866"
},
{
"name": "1016292",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016292"
},
{
"name": "oval:org.mitre.oval:def:1590",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-2378",
"datePublished": "2006-06-13T19:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3550
Vulnerability from cvelistv5
Published
2007-07-03 21:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45814 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35455 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/485536/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/24744 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/2855 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/472651/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/473662 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html | mailing-list, x_refsource_FULLDISC | |
| http://www.secniche.org/advisory/Internet_Dos_Adv.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45814",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45814"
},
{
"name": "ie-zone-dos(35455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455"
},
{
"name": "20071222 Bid 24744 ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded"
},
{
"name": "24744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24744"
},
{
"name": "2855",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2855"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded"
},
{
"name": "20070712 Bogus BID 24744",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473662"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45814",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45814"
},
{
"name": "ie-zone-dos(35455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455"
},
{
"name": "20071222 Bid 24744 ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded"
},
{
"name": "24744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24744"
},
{
"name": "2855",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2855"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded"
},
{
"name": "20070712 Bogus BID 24744",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473662"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45814",
"refsource": "OSVDB",
"url": "http://osvdb.org/45814"
},
{
"name": "ie-zone-dos(35455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455"
},
{
"name": "20071222 Bid 24744 ?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded"
},
{
"name": "24744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24744"
},
{
"name": "2855",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2855"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded"
},
{
"name": "20070712 Bogus BID 24744",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473662"
},
{
"name": "20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html"
},
{
"name": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf",
"refsource": "MISC",
"url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3550",
"datePublished": "2007-07-03T21:00:00",
"dateReserved": "2007-07-03T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3943
Vulnerability from cvelistv5
Published
2006-07-31 23:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
References
| ▼ | URL | Tags |
|---|---|---|
| http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28046 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/27530 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/19184 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"name": "ie-rgb-properties-dos(28046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
},
{
"name": "27530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27530"
},
{
"name": "19184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"name": "ie-rgb-properties-dos(28046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
},
{
"name": "27530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27530"
},
{
"name": "19184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"name": "ie-rgb-properties-dos(28046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
},
{
"name": "27530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27530"
},
{
"name": "19184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3943",
"datePublished": "2006-07-31T23:00:00",
"dateReserved": "2006-07-31T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3354
Vulnerability from cvelistv5
Published
2006-07-06 01:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27596 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/18773 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/26834 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"name": "ie-adodb-recordset-dos(27596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"name": "18773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18773"
},
{
"name": "26834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"name": "ie-adodb-recordset-dos(27596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"name": "18773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18773"
},
{
"name": "26834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"name": "ie-adodb-recordset-dos(27596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"name": "18773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18773"
},
{
"name": "26834",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3354",
"datePublished": "2006-07-06T01:00:00",
"dateReserved": "2006-07-05T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2831
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015348"
},
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "15827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15827"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "oval:org.mitre.oval:def:1597",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597"
},
{
"name": "TA05-347A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1475",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475"
},
{
"name": "oval:org.mitre.oval:def:1520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520"
},
{
"name": "oval:org.mitre.oval:def:1426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426"
},
{
"name": "oval:org.mitre.oval:def:1558",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558"
},
{
"name": "oval:org.mitre.oval:def:1543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "win-com-activex-execute-code(23453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453"
},
{
"name": "21763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21763"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1015348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015348"
},
{
"name": "18064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18064"
},
{
"name": "15827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15827"
},
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "oval:org.mitre.oval:def:1597",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597"
},
{
"name": "TA05-347A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
},
{
"name": "MS05-054",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1475",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475"
},
{
"name": "oval:org.mitre.oval:def:1520",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520"
},
{
"name": "oval:org.mitre.oval:def:1426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426"
},
{
"name": "oval:org.mitre.oval:def:1558",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558"
},
{
"name": "oval:org.mitre.oval:def:1543",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "18311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18311"
},
{
"name": "win-com-activex-execute-code(23453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453"
},
{
"name": "21763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21763"
},
{
"name": "ADV-2005-2867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015348",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015348"
},
{
"name": "18064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18064"
},
{
"name": "15827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15827"
},
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "oval:org.mitre.oval:def:1597",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597"
},
{
"name": "TA05-347A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
},
{
"name": "MS05-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"name": "oval:org.mitre.oval:def:1475",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475"
},
{
"name": "oval:org.mitre.oval:def:1520",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520"
},
{
"name": "oval:org.mitre.oval:def:1426",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426"
},
{
"name": "oval:org.mitre.oval:def:1558",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558"
},
{
"name": "oval:org.mitre.oval:def:1543",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"name": "15368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15368"
},
{
"name": "ADV-2005-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"name": "18311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18311"
},
{
"name": "win-com-activex-execute-code(23453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453"
},
{
"name": "21763",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21763"
},
{
"name": "ADV-2005-2867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420",
"refsource": "MISC",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2005-2831",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-09-07T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1104
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/11273 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/379903 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17938 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/702086 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/11565 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/425386/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/425883/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11273"
},
{
"name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/379903"
},
{
"name": "ie-ahref-status-spoofing(17938)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938"
},
{
"name": "VU#702086",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/702086"
},
{
"name": "11565",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11565"
},
{
"name": "20060218 Re: Internet Explorer Phishing mouseover issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded"
},
{
"name": "20060223 Re: Internet Explorer Phishing mouseover issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11273"
},
{
"name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/379903"
},
{
"name": "ie-ahref-status-spoofing(17938)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938"
},
{
"name": "VU#702086",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/702086"
},
{
"name": "11565",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11565"
},
{
"name": "20060218 Re: Internet Explorer Phishing mouseover issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded"
},
{
"name": "20060223 Re: Internet Explorer Phishing mouseover issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11273"
},
{
"name": "20041030 Re: New URL spoofing bug in Microsoft Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/379903"
},
{
"name": "ie-ahref-status-spoofing(17938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938"
},
{
"name": "VU#702086",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/702086"
},
{
"name": "11565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11565"
},
{
"name": "20060218 Re: Internet Explorer Phishing mouseover issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded"
},
{
"name": "20060223 Re: Internet Explorer Phishing mouseover issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1104",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0519
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt | x_refsource_MISC | |
| http://www.cert.org/advisories/CA-2000-10.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/1309 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4627 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "CA-2000-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"name": "ie-revalidate-certificate(4627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "CA-2000-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"name": "ie-revalidate-certificate(4627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"name": "CA-2000-10",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"name": "MS00-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"name": "1309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1309"
},
{
"name": "ie-revalidate-certificate(4627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0519",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4777
Vulnerability from cvelistv5
Published
2006-09-14 00:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016854"
},
{
"name": "21910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1577",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1577"
},
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx"
},
{
"name": "ADV-2006-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3593"
},
{
"name": "28842",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28842"
},
{
"name": "20060918 Re: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded"
},
{
"name": "20060915 RE: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded"
},
{
"name": "VU#377369",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/377369"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20"
},
{
"name": "ie-directanimation-code-execution(28942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942"
},
{
"name": "20047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20047"
},
{
"name": "20060915 Fwd: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1103",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded"
},
{
"name": "20060915 Re: Fwd: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016854"
},
{
"name": "21910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1577",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1577"
},
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx"
},
{
"name": "ADV-2006-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3593"
},
{
"name": "28842",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28842"
},
{
"name": "20060918 Re: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded"
},
{
"name": "20060915 RE: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded"
},
{
"name": "VU#377369",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/377369"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20"
},
{
"name": "ie-directanimation-code-execution(28942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942"
},
{
"name": "20047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20047"
},
{
"name": "20060915 Fwd: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1103",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded"
},
{
"name": "20060915 Re: Fwd: IE ActiveX 0day?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016854"
},
{
"name": "21910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21910"
},
{
"name": "1577",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1577"
},
{
"name": "TA06-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/925444.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx"
},
{
"name": "ADV-2006-3593",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3593"
},
{
"name": "28842",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28842"
},
{
"name": "20060918 Re: IE ActiveX 0day?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded"
},
{
"name": "20060915 RE: IE ActiveX 0day?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded"
},
{
"name": "VU#377369",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/377369"
},
{
"name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20"
},
{
"name": "ie-directanimation-code-execution(28942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942"
},
{
"name": "20047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20047"
},
{
"name": "20060915 Fwd: IE ActiveX 0day?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1103",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded"
},
{
"name": "20060915 Re: Fwd: IE ActiveX 0day?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4777",
"datePublished": "2006-09-14T00:00:00",
"dateReserved": "2006-09-13T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1791
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/13798 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=111746303509720&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:56.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13798"
},
{
"name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13798"
},
{
"name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13798"
},
{
"name": "20050531 Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1791",
"datePublished": "2005-06-01T04:00:00",
"dateReserved": "2005-06-01T00:00:00",
"dateUpdated": "2024-08-07T22:06:56.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2069
Vulnerability from cvelistv5
Published
2009-06-15 19:00
Modified
2024-08-07 05:36
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/35411 | vdb-entry, x_refsource_BID | |
| http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "35411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "35411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "35411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35411"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2069",
"datePublished": "2009-06-15T19:00:00",
"dateReserved": "2009-06-15T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0152
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101897994314015&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 | vendor-advisory, x_refsource_MS | |
| http://www.osvdb.org/5357 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/4517 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/8850.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2"
},
{
"name": "MS02-019",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "5357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5357"
},
{
"name": "4517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4517"
},
{
"name": "ms-mac-html-file-bo(8850)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8850.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2"
},
{
"name": "MS02-019",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "5357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5357"
},
{
"name": "4517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4517"
},
{
"name": "ms-mac-html-file-bo(8850)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8850.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020416 w00w00 on Microsoft IE/Office for Mac OS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2"
},
{
"name": "MS02-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"name": "5357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5357"
},
{
"name": "4517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4517"
},
{
"name": "ms-mac-html-file-bo(8850)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8850.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0152",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-19T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1186
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1589",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"name": "oval:org.mitre.oval:def:1446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1651",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17453"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "ie-com-activex-execute-code(25545)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"name": "oval:org.mitre.oval:def:1704",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"name": "oval:org.mitre.oval:def:791",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#959049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "18957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1589",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"name": "oval:org.mitre.oval:def:1446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"name": "1015900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1651",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"name": "TA06-101A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "MS06-013",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17453"
},
{
"name": "ADV-2006-1318",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "ie-com-activex-execute-code(25545)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"name": "oval:org.mitre.oval:def:1704",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"name": "oval:org.mitre.oval:def:791",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#959049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"name": "18957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18957"
},
{
"name": "oval:org.mitre.oval:def:1589",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"name": "oval:org.mitre.oval:def:1446",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"name": "1015900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015900"
},
{
"name": "oval:org.mitre.oval:def:1651",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "MS06-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"name": "17453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17453"
},
{
"name": "ADV-2006-1318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"name": "ie-com-activex-execute-code(25545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"name": "oval:org.mitre.oval:def:1704",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"name": "oval:org.mitre.oval:def:791",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1186",
"datePublished": "2006-04-11T23:00:00",
"dateReserved": "2006-03-13T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3639
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016663 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/21396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/27851 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/3212 | vdb-entry, x_refsource_VUPEN | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/252764 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/19400 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "27851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27851"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#252764",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"name": "19400",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19400"
},
{
"name": "oval:org.mitre.oval:def:577",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1016663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21396"
},
{
"name": "27851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27851"
},
{
"name": "ADV-2006-3212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#252764",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"name": "19400",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19400"
},
{
"name": "oval:org.mitre.oval:def:577",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name": "27851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27851"
},
{
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#252764",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"name": "19400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19400"
},
{
"name": "oval:org.mitre.oval:def:577",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3639",
"datePublished": "2006-08-09T00:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2308
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/14285 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/14286 | vdb-entry, x_refsource_BID | |
| http://lcamtuf.coredump.cx/crash | x_refsource_MISC | |
| http://www.securityfocus.com/bid/14284 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/405298 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14285"
},
{
"name": "14286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14286"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lcamtuf.coredump.cx/crash"
},
{
"name": "14284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14284"
},
{
"name": "20050715 Compromising pictures of Microsoft Internet Explorer!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/405298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-19T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14285"
},
{
"name": "14286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14286"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lcamtuf.coredump.cx/crash"
},
{
"name": "14284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14284"
},
{
"name": "20050715 Compromising pictures of Microsoft Internet Explorer!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/405298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14285"
},
{
"name": "14286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14286"
},
{
"name": "http://lcamtuf.coredump.cx/crash",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/crash"
},
{
"name": "14284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14284"
},
{
"name": "20050715 Compromising pictures of Microsoft Internet Explorer!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/405298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2308",
"datePublished": "2005-07-19T04:00:00Z",
"dateReserved": "2005-07-19T00:00:00Z",
"dateUpdated": "2024-09-17T03:48:26.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1050
Vulnerability from cvelistv5
Published
2004-11-18 05:00
Modified
2024-08-08 00:38
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#842160",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#842160",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"name": "20041023 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"name": "MS04-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"name": "20041102 MSIE \u003cIFRAME\u003e and \u003cFRAME\u003e tag NAME property bufferoverflow PoC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"name": "11515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11515"
},
{
"name": "oval:org.mitre.oval:def:1294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"name": "20041025 python does mangleme (with IE bugs!)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"name": "TA04-315A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"name": "ie-iframe-src-name-bo(17889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"name": "12959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12959/"
},
{
"name": "20041024 python does mangleme (with IE bugs!)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"name": "TA04-336A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1050",
"datePublished": "2004-11-18T05:00:00",
"dateReserved": "2004-11-17T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0053
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS05-008",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008"
},
{
"name": "oval:org.mitre.oval:def:4726",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:4864",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864"
},
{
"name": "oval:org.mitre.oval:def:1334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334"
},
{
"name": "oval:org.mitre.oval:def:2046",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046"
},
{
"name": "oval:org.mitre.oval:def:2953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "VU#698835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/698835"
},
{
"name": "oval:org.mitre.oval:def:1015",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015"
},
{
"name": "11466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11466"
},
{
"name": "oval:org.mitre.oval:def:3006",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006"
},
{
"name": "ie-dragdrop-gain-privileges(19117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS05-008",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008"
},
{
"name": "oval:org.mitre.oval:def:4726",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:4864",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864"
},
{
"name": "oval:org.mitre.oval:def:1334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334"
},
{
"name": "oval:org.mitre.oval:def:2046",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046"
},
{
"name": "oval:org.mitre.oval:def:2953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "VU#698835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/698835"
},
{
"name": "oval:org.mitre.oval:def:1015",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015"
},
{
"name": "11466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11466"
},
{
"name": "oval:org.mitre.oval:def:3006",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006"
},
{
"name": "ie-dragdrop-gain-privileges(19117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS05-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008"
},
{
"name": "oval:org.mitre.oval:def:4726",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726"
},
{
"name": "MS05-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "oval:org.mitre.oval:def:4864",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864"
},
{
"name": "oval:org.mitre.oval:def:1334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334"
},
{
"name": "oval:org.mitre.oval:def:2046",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046"
},
{
"name": "oval:org.mitre.oval:def:2953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "VU#698835",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698835"
},
{
"name": "oval:org.mitre.oval:def:1015",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015"
},
{
"name": "11466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11466"
},
{
"name": "oval:org.mitre.oval:def:3006",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006"
},
{
"name": "ie-dragdrop-gain-privileges(19117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0053",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-01-11T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2435
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
References
| ▼ | URL | Tags |
|---|---|---|
| http://w2spconf.com/2010/papers/p26.pdf | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71817 | vdb-entry, x_refsource_XF | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=147777 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"name": "ms-ie-css-info-disc(71817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"name": "ms-ie-css-info-disc(71817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://w2spconf.com/2010/papers/p26.pdf",
"refsource": "MISC",
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"name": "ms-ie-css-info-disc(71817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2435",
"datePublished": "2011-12-07T19:00:00",
"dateReserved": "2011-12-07T00:00:00",
"dateUpdated": "2024-08-08T04:06:54.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6659
Vulnerability from cvelistv5
Published
2006-12-20 02:00
Modified
2024-09-16 18:59
Severity ?
EPSS score ?
Summary
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/21649 | vdb-entry, x_refsource_BID | |
| http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8 | x_refsource_MISC | |
| http://securitytracker.com/id?1017397 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8"
},
{
"name": "1017397",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-20T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8"
},
{
"name": "1017397",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21649"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8"
},
{
"name": "1017397",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6659",
"datePublished": "2006-12-20T02:00:00Z",
"dateReserved": "2006-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:59:10.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0838
Vulnerability from cvelistv5
Published
2003-10-07 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-popup-code-execution(13314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2"
},
{
"name": "7872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7872"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html"
},
{
"name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2"
},
{
"name": "8556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8556"
},
{
"name": "MS03-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "20031001 DNS/Hosts file issues",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169"
},
{
"name": "oval:org.mitre.oval:def:204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-popup-code-execution(13314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2"
},
{
"name": "7872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7872"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html"
},
{
"name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2"
},
{
"name": "8556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8556"
},
{
"name": "MS03-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "20031001 DNS/Hosts file issues",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169"
},
{
"name": "oval:org.mitre.oval:def:204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-popup-code-execution(13314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2"
},
{
"name": "7872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7872"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2"
},
{
"name": "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html"
},
{
"name": "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2"
},
{
"name": "8556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8556"
},
{
"name": "MS03-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"name": "20031001 DNS/Hosts file issues",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169"
},
{
"name": "oval:org.mitre.oval:def:204",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204"
},
{
"name": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html",
"refsource": "MISC",
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0838",
"datePublished": "2003-10-07T04:00:00",
"dateReserved": "2003-10-02T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0844
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17652 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA04-293A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=ntbugtraq&m=110174346717733&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://marc.info/?l=bugtraq&m=110178042025729&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/431576 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-dbcs-obtain-information(17652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
},
{
"name": "oval:org.mitre.oval:def:2448",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
},
{
"name": "oval:org.mitre.oval:def:8127",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2"
},
{
"name": "VU#431576",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/431576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-dbcs-obtain-information(17652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
},
{
"name": "oval:org.mitre.oval:def:2448",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
},
{
"name": "oval:org.mitre.oval:def:8127",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2"
},
{
"name": "VU#431576",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/431576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-dbcs-obtain-information(17652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
},
{
"name": "oval:org.mitre.oval:def:2448",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
},
{
"name": "oval:org.mitre.oval:def:8127",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2"
},
{
"name": "VU#431576",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/431576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0844",
"datePublished": "2004-10-16T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0811
Vulnerability from cvelistv5
Published
2007-02-07 11:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/37636 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22408 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/3272 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.powerhacker.net/exploit/IE_NULL_CRASH.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37636",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37636"
},
{
"name": "22408",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22408"
},
{
"name": "3272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37636",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37636"
},
{
"name": "22408",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22408"
},
{
"name": "3272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37636",
"refsource": "OSVDB",
"url": "http://osvdb.org/37636"
},
{
"name": "22408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22408"
},
{
"name": "3272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3272"
},
{
"name": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html",
"refsource": "MISC",
"url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0811",
"datePublished": "2007-02-07T11:00:00",
"dateReserved": "2007-02-07T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3471
Vulnerability from cvelistv5
Published
2006-07-10 19:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/26837 | vdb-entry, x_refsource_OSVDB | |
| http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27592 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/18873 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/2701 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26837",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26837"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"name": "ie-tableframeset-appendchild-dos(27592)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
},
{
"name": "18873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18873"
},
{
"name": "ADV-2006-2701",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26837",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26837"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"name": "ie-tableframeset-appendchild-dos(27592)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
},
{
"name": "18873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18873"
},
{
"name": "ADV-2006-2701",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26837"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"name": "ie-tableframeset-appendchild-dos(27592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
},
{
"name": "18873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18873"
},
{
"name": "ADV-2006-2701",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3471",
"datePublished": "2006-07-10T19:00:00",
"dateReserved": "2006-07-10T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4687
Vulnerability from cvelistv5
Published
2006-11-14 21:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA06-318A.html | third-party-advisory, x_refsource_CERT | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-041.html | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.osvdb.org/31323 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/197852 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1017223 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/4505 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/451590/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29199 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/21020 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html"
},
{
"name": "oval:org.mitre.oval:def:456",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456"
},
{
"name": "31323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31323"
},
{
"name": "VU#197852",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/197852"
},
{
"name": "1017223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017223"
},
{
"name": "ADV-2006-4505",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4505"
},
{
"name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded"
},
{
"name": "ie-layout-code-execution(29199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199"
},
{
"name": "21020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21020"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA06-318A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html"
},
{
"name": "oval:org.mitre.oval:def:456",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456"
},
{
"name": "31323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31323"
},
{
"name": "VU#197852",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/197852"
},
{
"name": "1017223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017223"
},
{
"name": "ADV-2006-4505",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4505"
},
{
"name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded"
},
{
"name": "ie-layout-code-execution(29199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199"
},
{
"name": "21020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21020"
},
{
"name": "MS06-067",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA06-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html"
},
{
"name": "oval:org.mitre.oval:def:456",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456"
},
{
"name": "31323",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31323"
},
{
"name": "VU#197852",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/197852"
},
{
"name": "1017223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017223"
},
{
"name": "ADV-2006-4505",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4505"
},
{
"name": "20061114 ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded"
},
{
"name": "ie-layout-code-execution(29199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199"
},
{
"name": "21020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21020"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-4687",
"datePublished": "2006-11-14T21:00:00",
"dateReserved": "2006-09-11T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0078
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27689 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019381 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=120361015026386&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=120361015026386&w=2 | vendor-advisory, x_refsource_HP | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA08-043C.html | third-party-advisory, x_refsource_CERT | |
| http://www.vupen.com/english/advisories/2008/0512/references | vdb-entry, x_refsource_VUPEN | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/28903 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27689"
},
{
"name": "1019381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019381"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4904",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "27689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27689"
},
{
"name": "1019381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019381"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4904",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27689"
},
{
"name": "1019381",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019381"
},
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4904",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"name": "MS08-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"name": "28903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0078",
"datePublished": "2008-02-12T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0500
Vulnerability from cvelistv5
Published
2005-02-21 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=110895997201027&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/14335 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19452 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/12602 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050221 WindowsXPSP2 script-initiated popup window",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2"
},
{
"name": "14335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14335"
},
{
"name": "ie-title-bar-spoofing(19452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452"
},
{
"name": "12602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050221 WindowsXPSP2 script-initiated popup window",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2"
},
{
"name": "14335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14335"
},
{
"name": "ie-title-bar-spoofing(19452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452"
},
{
"name": "12602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050221 WindowsXPSP2 script-initiated popup window",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2"
},
{
"name": "14335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14335"
},
{
"name": "ie-title-bar-spoofing(19452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452"
},
{
"name": "12602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0500",
"datePublished": "2005-02-21T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0054
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3196",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"name": "ie-file-url-encode(19214)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:3060",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"name": "oval:org.mitre.oval:def:1736",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"name": "20050209 Internet Explorer zone spoofing with encoded URLs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:3586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"name": "oval:org.mitre.oval:def:1308",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"name": "VU#580299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/580299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:3196",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"name": "ie-file-url-encode(19214)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"name": "MS05-014",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:3060",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"name": "oval:org.mitre.oval:def:1736",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"name": "20050209 Internet Explorer zone spoofing with encoded URLs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:3586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"name": "oval:org.mitre.oval:def:1308",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"name": "VU#580299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/580299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:3196",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"name": "ie-file-url-encode(19214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"name": "MS05-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:3060",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"name": "oval:org.mitre.oval:def:1736",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"name": "20050209 Internet Explorer zone spoofing with encoded URLs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:3586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"name": "oval:org.mitre.oval:def:1308",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"name": "VU#580299",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/580299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0054",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-01-11T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1497
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3563 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/241400 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/241323 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/7592.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3563"
},
{
"name": "20011120 Re: MS IE Password inputs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"name": "20011121 MS IE Password inputs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"name": "ie-password-character-information(7592)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7592.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-06T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3563"
},
{
"name": "20011120 Re: MS IE Password inputs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"name": "20011121 MS IE Password inputs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"name": "ie-password-character-information(7592)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7592.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3563"
},
{
"name": "20011120 Re: MS IE Password inputs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"name": "20011121 MS IE Password inputs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"name": "ie-password-character-information(7592)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7592.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1497",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2118
Vulnerability from cvelistv5
Published
2010-06-01 20:00
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://websecurity.com.ua/4238/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/511509/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/4238/"
},
{
"name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/4238/"
},
{
"name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/4238/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4238/"
},
{
"name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2118",
"datePublished": "2010-06-01T20:00:00",
"dateReserved": "2010-06-01T00:00:00",
"dateUpdated": "2024-08-07T02:25:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1991
Vulnerability from cvelistv5
Published
2010-05-20 17:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
| ▼ | URL | Tags |
|---|---|---|
| http://websecurity.com.ua/4206/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/511327/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/4206/"
},
{
"name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/4206/"
},
{
"name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/4206/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4206/"
},
{
"name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1991",
"datePublished": "2010-05-20T17:00:00",
"dateReserved": "2010-05-20T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0843
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#625616",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/625616"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:7095",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095"
},
{
"name": "oval:org.mitre.oval:def:7194",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194"
},
{
"name": "oval:org.mitre.oval:def:2487",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:2537",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537"
},
{
"name": "ie-plugin-address-spoofing(17655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655"
},
{
"name": "oval:org.mitre.oval:def:3949",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949"
},
{
"name": "oval:org.mitre.oval:def:6313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#625616",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/625616"
},
{
"name": "MS04-038",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:7095",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095"
},
{
"name": "oval:org.mitre.oval:def:7194",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194"
},
{
"name": "oval:org.mitre.oval:def:2487",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487"
},
{
"name": "TA04-293A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:2537",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537"
},
{
"name": "ie-plugin-address-spoofing(17655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655"
},
{
"name": "oval:org.mitre.oval:def:3949",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949"
},
{
"name": "oval:org.mitre.oval:def:6313",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#625616",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625616"
},
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "oval:org.mitre.oval:def:7095",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095"
},
{
"name": "oval:org.mitre.oval:def:7194",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194"
},
{
"name": "oval:org.mitre.oval:def:2487",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487"
},
{
"name": "TA04-293A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"name": "ie-ms04038-patch(17651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "oval:org.mitre.oval:def:2537",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537"
},
{
"name": "ie-plugin-address-spoofing(17655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655"
},
{
"name": "oval:org.mitre.oval:def:3949",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949"
},
{
"name": "oval:org.mitre.oval:def:6313",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0843",
"datePublished": "2004-10-16T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2056
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/1538 | vdb-entry, x_refsource_VUPEN | |
| http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/432009/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26118 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1538",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"name": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name": "office-mailto-obtain-information(26118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2056",
"datePublished": "2006-04-26T20:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3240
Vulnerability from cvelistv5
Published
2006-02-14 11:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/424863/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/0553 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18787 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/424940/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/16352 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24648 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015049 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/2707 | vdb-entry, x_refsource_OSVDB | |
| http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060213 Internet Explorer drag\u0026drop 0day",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"name": "ADV-2006-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"name": "18787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18787"
},
{
"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"name": "16352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16352"
},
{
"name": "ie-dragdrop-variant(24648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
},
{
"name": "1015049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015049"
},
{
"name": "2707",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060213 Internet Explorer drag\u0026drop 0day",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"name": "ADV-2006-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"name": "18787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18787"
},
{
"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"name": "16352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16352"
},
{
"name": "ie-dragdrop-variant(24648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
},
{
"name": "1015049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015049"
},
{
"name": "2707",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060213 Internet Explorer drag\u0026drop 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"name": "ADV-2006-0553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"name": "18787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18787"
},
{
"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"name": "16352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16352"
},
{
"name": "ie-dragdrop-variant(24648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
},
{
"name": "1015049",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015049"
},
{
"name": "2707",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2707"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3240",
"datePublished": "2006-02-14T11:00:00",
"dateReserved": "2005-10-17T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0839
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
EPSS score ?
Summary
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972 | vendor-advisory, x_refsource_MSKB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/828 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Q246972",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972"
},
{
"name": "MS99-051",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051"
},
{
"name": "828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/828"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "Q246972",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972"
},
{
"name": "MS99-051",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051"
},
{
"name": "828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/828"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q246972",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972"
},
{
"name": "MS99-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051"
},
{
"name": "828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/828"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0839",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-07T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5344
Vulnerability from cvelistv5
Published
2007-12-12 00:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-element-code-execution(38715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715"
},
{
"name": "26817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26817"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:4480",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ie-element-code-execution(38715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715"
},
{
"name": "26817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26817"
},
{
"name": "1019078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28036"
},
{
"name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded"
},
{
"name": "MS07-069",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:4480",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-element-code-execution(38715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715"
},
{
"name": "26817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26817"
},
{
"name": "1019078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019078"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "28036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28036"
},
{
"name": "20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded"
},
{
"name": "MS07-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"name": "ADV-2007-4184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:4480",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-5344",
"datePublished": "2007-12-12T00:00:00",
"dateReserved": "2007-10-10T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0526
Vulnerability from cvelistv5
Published
2004-06-08 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108422905510713&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10308 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kurczaba.com/securityadvisories/0405132poc.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-ahref-url-spoofing(16102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
},
{
"name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2"
},
{
"name": "10308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10308"
},
{
"name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-ahref-url-spoofing(16102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
},
{
"name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2"
},
{
"name": "10308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10308"
},
{
"name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-ahref-url-spoofing(16102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
},
{
"name": "20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2"
},
{
"name": "10308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10308"
},
{
"name": "20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html"
},
{
"name": "http://www.kurczaba.com/securityadvisories/0405132poc.htm",
"refsource": "MISC",
"url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0526",
"datePublished": "2004-06-08T04:00:00",
"dateReserved": "2004-06-03T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-7030
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/435095/30/4710/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2286 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/18112 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26808 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/435129/30/4710/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded"
},
{
"name": "2286",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2286"
},
{
"name": "18112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18112"
},
{
"name": "ie-html-tag-parsing-dos(26808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808"
},
{
"name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded"
},
{
"name": "2286",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2286"
},
{
"name": "18112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18112"
},
{
"name": "ie-html-tag-parsing-dos(26808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808"
},
{
"name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060525 [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded"
},
{
"name": "2286",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2286"
},
{
"name": "18112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18112"
},
{
"name": "ie-html-tag-parsing-dos(26808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808"
},
{
"name": "20060526 Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7030",
"datePublished": "2007-02-23T01:00:00",
"dateReserved": "2007-02-22T00:00:00",
"dateUpdated": "2024-08-07T20:50:05.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4827
Vulnerability from cvelistv5
Published
2007-02-07 20:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2007/Feb/0081.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/459172/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/14969 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/459172/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/411585 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html"
},
{
"name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "14969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14969"
},
{
"name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/411585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html"
},
{
"name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "14969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14969"
},
{
"name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/411585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070203 Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html"
},
{
"name": "20070204 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "14969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14969"
},
{
"name": "20070203 Re: Web 2.0 backdoors made easy with MSIE \u0026 XMLHttpRequest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"name": "20050924 \"Exploiting the XmlHttpRequest object in IE\" - paper by Amit Klein",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/411585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4827",
"datePublished": "2007-02-07T20:00:00",
"dateReserved": "2007-02-07T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4888
Vulnerability from cvelistv5
Published
2006-09-19 21:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/28614 | vdb-entry, x_refsource_OSVDB | |
| http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/ | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/"
},
{
"name": "20060713 IE \u003c= 6 DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-19T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/"
},
{
"name": "20060713 IE \u003c= 6 DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28614",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28614"
},
{
"name": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/",
"refsource": "MISC",
"url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/"
},
{
"name": "20060713 IE \u003c= 6 DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4888",
"datePublished": "2006-09-19T21:00:00Z",
"dateReserved": "2006-09-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:15:40.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2006-11-08 22:07
Modified
2024-11-21 00:20
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 7 permite a atacantes remotos provocar que un certificado de seguridad de una p\u00e1gina segura, aparezca como inv\u00e1lido mediante un enlace a res://ieframe.dll/invalidcert.htm con el sitio objetivo como argumento, lo que muestra la URL del sitio en la barra de direcciones y hace que el Internet Explorer informe de que el certificado no es v\u00e1lido."
}
],
"id": "CVE-2006-5805",
"lastModified": "2024-11-21T00:20:37.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-08T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1017165"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1017165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."
}
],
"id": "CVE-2004-2219",
"lastModified": "2024-11-20T23:52:47.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12304"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1010957"
},
{
"source": "cve@mitre.org",
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/8978"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1010957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/8978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered."
}
],
"id": "CVE-2003-1105",
"lastModified": "2024-11-20T23:46:21.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/813208"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/813208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-28 00:04
Modified
2024-11-21 00:14
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference."
},
{
"lang": "es",
"value": "Internet Explorer 6 sobre Windows XP SP2, cuando Outlook est\u00e1 instalado, permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de llamadas a la funci\u00f3n NewDefaultItem de un objeto OVCtl (OVCtl.OVCtl.1) ActiveXm lo cual dispara una dereferencia null."
}
],
"id": "CVE-2006-3910",
"lastModified": "2024-11-21T00:14:41.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-28T00:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27112"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19079"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2915"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27845"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.22 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
}
],
"evaluatorImpact": "The only versions confirmed with this vulnerability are the ones listed in the CPE entry. Other IE Versions may, and probably are, affected but have not been confirmed yet.",
"id": "CVE-2003-1559",
"lastModified": "2024-11-20T23:47:26.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3989"
},
{
"source": "cve@mitre.org",
"url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/348360"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/348574"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/9295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/348360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/348574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/9295"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2024-11-21 00:24
Severity ?
Summary
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_98 | * | |
| microsoft | windows_me | * | |
| microsoft | windows_nt | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | ie | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 SP2 y anteriores permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de ciertos HTML malformados, posiblemente afectando a etiquetas base y applet sin argumentos requeridos, lo cual dispara un puntero nulo no referenciado en mshtml.dll."
}
],
"id": "CVE-2006-7030",
"lastModified": "2024-11-21T00:24:13.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-23T03:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2286"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18112"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435095/30/4710/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435129/30/4710/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26808"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.1 | |
| microsoft | ie | 5.2.3 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| canon | network_camera_server_vb101 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption."
}
],
"id": "CVE-2006-1188",
"lastModified": "2024-11-21T00:08:15.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T23:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18957"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1773"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-17 01:02
Modified
2024-11-21 00:08
Severity ?
Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2006-1245",
"lastModified": "2024-11-21T00:08:24.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-17T01:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19269"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015794"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/984473"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/23964"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/17131"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/984473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/23964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/17131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800.1106 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user\u0027s local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack."
}
],
"id": "CVE-2002-2125",
"lastModified": "2024-11-20T23:42:56.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/292842"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/292842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5778"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Internet Explorer 6 SP1 para ciertos lenguajes que usan codificaci\u00f3n en dos bytes (como el Japon\u00e9s) permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la propiedad TYPE de una etiqueta OBJECT, una variante de CAN-2003-0344."
}
],
"id": "CVE-2003-0701",
"lastModified": "2024-11-20T23:45:19.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106148101210479\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626."
}
],
"id": "CVE-2006-1192",
"lastModified": "2024-11-21T00:08:16.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-04-11T23:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/670"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015899"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17460"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-29 10:02
Modified
2024-11-21 00:10
Severity ?
Summary
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5 | |
| microsoft | ie | 5.0 | |
| microsoft | ie | 5.0 | |
| microsoft | ie | 5.0 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a \"Yes\" approval for executing the control."
}
],
"id": "CVE-2006-2094",
"lastModified": "2024-11-21T00:10:32.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-04-29T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015720"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22351"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17713"
},
{
"source": "cve@mitre.org",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1559"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-30 01:04
Modified
2024-11-21 00:15
Severity ?
Summary
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el objeto COM DirectAnimation.PathControl (daxctle.ocx) en Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una llamada a la funci\u00f3n Spline cuyo primer argumento especifica un n\u00famero grande de puntos."
}
],
"id": "CVE-2006-4446",
"lastModified": "2024-11-21T00:15:58.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-30T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21910"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1468"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016764"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28841"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19738"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444504/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2024-11-21 00:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.01 y 6 en Microsoft Windows 2000 SP4 permite acceso a \"ficheros de recursos HTML-embedded\" locales en la biblioteca de Consola de Administraci\u00f3n de Microsoft (MMC), que permite a atacantes remotos autenticados ejecutar comandos de su elecci\u00f3n, tambi\u00e9n conocido como \"Vulnerabilidad de redirecci\u00f3n de secuencias de comandos en sitios cruzados de MMC\""
}
],
"id": "CVE-2006-3643",
"lastModified": "2024-11-21T00:14:05.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-09T00:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/21401"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016655"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/927548"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19417"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/3213"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/927548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\""
}
],
"id": "CVE-2002-1186",
"lastModified": "2024-11-20T23:40:46.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10039.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7845"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5610"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10039.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer\u0027s security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."
}
],
"id": "CVE-2000-1061",
"lastModified": "2024-11-20T23:33:55.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2024-11-21 00:00
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2127."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no est\u00e1n pensados para ser usados con con Internet Explorer, tcc una variante de la \"Vulnerabilidad de Corrupci\u00f3n de Memoria por Instanciamiento de Objeto COM\", una vulnerabilidad diferente de CVE-2005-2127."
}
],
"id": "CVE-2005-2831",
"lastModified": "2024-11-21T00:00:31.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-14T11:03:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/15368"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18064"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18311"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015348"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/21763"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15827"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "secure@microsoft.com",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-347A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1597"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-02 21:18
Modified
2024-11-21 00:24
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 7 | |
| microsoft | ie | 7 | |
| microsoft | ie | 7 | |
| microsoft | ie | 7 | |
| microsoft | ie | 7.0 | |
| microsoft | ie | 7.0 | |
| microsoft | ie | 7.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| canon | network_camera_server_vb101 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*",
"matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*",
"matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*",
"matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*",
"matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*",
"matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "5B5F31E2-2060-45BC-9724-A447544905E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "73C3794B-E4B8-4AFB-9025-EDC5A2F44586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula."
}
],
"id": "CVE-2006-7065",
"lastModified": "2024-11-21T00:24:18.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-02T21:18:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/19364"
},
{
"source": "cve@mitre.org",
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/19364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:43
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 no comprueba adecuadamente el par\u00e1metro de entrada de hoja de estilo en cascada (CSS) en di\u00e1logos modales, lo que permite a atacantes remotos leer ficheros en el sistema local mediante una p\u00e1gina web que contenga script que cree un di\u00e1logo y entonces acceda a los ficheros objetivo, tambi\u00e9n conocida como \"Ejecuci\u00f3n de script en di\u00e1logos modales - Modal Dialog script execution\"."
}
],
"id": "CVE-2003-0116",
"lastModified": "2024-11-20T23:43:59.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/6306"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/6306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2024-11-21 00:08
Severity ?
Summary
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection."
}
],
"id": "CVE-2006-1303",
"lastModified": "2024-11-21T00:08:32.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-13T19:06:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20595"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/26442"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18328"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437041/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2017"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-15 20:11
Modified
2024-11-21 00:03
Severity ?
Summary
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | r2 | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE."
},
{
"lang": "es",
"value": "mshtml.dll en Microsoft Windows XP, Server 2003, e Internet Explorer 6.0 SP1, permite a atacantes causar una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) causando que mshtml.dll procese eventos de foco de bot\u00f3n al mismo tiempo que un documento se est\u00e1 recargando, como se ha visto en Microsoft Office InfoPath 2003 haciendo clic repetidamente en el bot\u00f3n \"Borrar\" en una secci\u00f3n repetitiva en un formulario.\r\nNOTA: La operaci\u00f3n normal de InfoPath parece conllevar un usuario local sin l\u00edmites de privilegios, por lo que esto puede no ser una vulnerabilidad de Infopath. Si no existen escenarios realistas con este problema en otros productos, entonces quiz\u00e1s deber\u00eda ser exclido de CVE."
}
],
"id": "CVE-2005-4269",
"lastModified": "2024-11-21T00:03:50.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-15T20:11:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/kb/908233/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/kb/908233/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string."
}
],
"id": "CVE-2004-2434",
"lastModified": "2024-11-20T23:53:20.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1010491"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/8335"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1010491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/8335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka \"COM Object Instantiation Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 y 6 no maneja adecuadamente objetos COM no inicializados, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n, como ha sido demostrado por la funci\u00f3n Nth en el control ActiveX DirectAnimation.DATuple, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en la Instanciaci\u00f3n de Objetos COM\"."
}
],
"id": "CVE-2006-3638",
"lastModified": "2024-11-21T00:14:05.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-08T23:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27852"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19340"
},
{
"source": "secure@microsoft.com",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442728/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-12 23:07
Modified
2024-11-21 00:14
Severity ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | 64-bit | |
| microsoft | windows_2003_server | itanium | |
| microsoft | windows_2003_server | r2 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
"matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parche MS06-042 anterior a 12/09/2006, permite a un atacante remoto provocar denegaci\u00f3n de servicio(caida) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una URL grande en un sitio web GZIP-codificado que fue el objetivo de una redirecci\u00f3n HTTP, debido a un arreglo incompleto del CVE-2006-3869."
}
],
"id": "CVE-2006-3873",
"lastModified": "2024-11-21T00:14:37.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-12T23:07:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://research.eeye.com/html/advisories/published/AD20060912.html"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/1555"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016839"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"URL Repurposed"
],
"url": "http://weblog.infoworld.com/techwatch/archives/007870.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/30834"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19987"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.eeye.com/html/advisories/published/AD20060912.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"URL Repurposed"
],
"url": "http://weblog.infoworld.com/techwatch/archives/007870.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445835/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-22 18:30
Modified
2024-11-21 01:05
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:*:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "0707D29A-7F34-49F5-B301-66E6AB0910BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:*:*:mobile:*:*:*:*:*",
"matchCriteriaId": "5307C089-099E-4E5B-B19E-2880C9FAA4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:2.0:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "88771C30-6BF2-4D37-8EFA-0EECF55EC080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:2.0_beta:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "DF0BFC00-6549-431F-BE37-E4509A13162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "D94D0C3A-FAE3-4EE3-9B58-D2ADB98661F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.01:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "0FAE41C7-AACF-40F0-A818-AD77F5FC2E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "ACAAD50F-B9F0-4CD8-B681-A8F889E95946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "B1C0170E-9574-4C90-94F3-F2C2851E2917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EB817B2B-6F65-4989-9177-153518F32894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "D4A15873-B3D2-4017-99CF-E3625FD227F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0a:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "D33EA2D3-B139-42E3-A0EE-F5CEE1A5CDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.5:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "822AC264-EF4E-4CEC-A210-74166883A8B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "77C7AB44-B436-48D7-B9CE-ED4B40FE8E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:macos:*:*:*:*:*",
"matchCriteriaId": "D3F350E9-3677-43B3-984F-DA39397D6885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:mobile:*:*:*:*:*",
"matchCriteriaId": "A71EC272-AA18-4D4D-B8E5-B9FC6D8E7DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "D2CFDA81-A703-4330-88B0-F3F18B3BB7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "9CD5EAB0-B400-41C6-B96E-B7594DB0226F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "7CCA85F0-B084-4788-81FD-7E22B6905468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "C81BBD0A-0A4D-4238-9526-3738DAE69E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1.1:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "1B4B8AA3-5DA4-4E90-8939-1E1B834BD321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1.7:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "B1096B7C-07C8-4EA0-BD2F-11844D424EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "E078D001-060D-46A6-B339-4C6D56E7E675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:mac\\+os:*:*:*:*:*",
"matchCriteriaId": "BBEC9FD1-62D9-4F2C-928B-B1292FD784A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*",
"matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_2000:*:*:*:*:*",
"matchCriteriaId": "0FBE3FC4-569D-4855-A8C2-AA5B19347C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BF527-F6EB-4E46-9B33-B97795CCF74E",
"versionEndIncluding": "6.0.2900.2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*",
"matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*",
"matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un argumento de cadena de caracteres Unicode larga para el m\u00e9todo de escritura, siendo un asunto relacionado con CVE-2009-2479."
}
],
"id": "CVE-2009-2576",
"lastModified": "2024-11-21T01:05:12.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-22T18:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3338/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3338/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/505120/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/505122/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\""
}
],
"id": "CVE-2005-0054",
"lastModified": "2024-11-20T23:54:18.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/580299"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110796851002781\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/580299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-19 21:07
Modified
2024-11-21 00:17
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF",
"versionEndIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (aplicaci\u00f3n que no responde) v\u00eda un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tama\u00f1o mayor que el INPUT."
}
],
"id": "CVE-2006-4888",
"lastModified": "2024-11-21T00:17:02.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-19T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html"
},
{
"source": "cve@mitre.org",
"url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28614"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka \"Cross Domain Verification via Cached Methods.\""
}
],
"id": "CVE-2002-1254",
"lastModified": "2024-11-20T23:40:54.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.greymagic.com/adv/gm012-ie/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10435.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10436.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10437.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10438.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10439.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/6028"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103530131201191\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.greymagic.com/adv/gm012-ie/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10435.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10436.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10437.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10438.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10439.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/6028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-10 21:00
Modified
2024-11-21 01:04
Severity ?
Summary
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 8.0b | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0.5730 | |
| microsoft | internet_explorer | 7.0.5730.11 | |
| microsoft | internet_explorer | 7.00.5730.1100 | |
| microsoft | internet_explorer | 7.00.6000.16386 | |
| microsoft | internet_explorer | 7.00.6000.16441 | |
| microsoft | internet_explorer | 8.0.6001 | |
| microsoft | internet_explorer | 8.0.6001 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*",
"matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*",
"matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*",
"matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo AddFavorite en Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente tiene otro impacto no especificado a trav\u00e9s de una URL larga en el primer argumento."
}
],
"id": "CVE-2009-2433",
"lastModified": "2024-11-21T01:04:51.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-10T21:00:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35620"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2024-11-21 01:37
Severity ?
Summary
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*",
"matchCriteriaId": "AD1E2761-48DA-444F-BC45-44F1401322F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*",
"matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*",
"matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*",
"matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostr\u00f3 VUPEN durante una competencia Pwn2Own en CanSecWest 2012"
}
],
"id": "CVE-2012-1545",
"lastModified": "2024-11-21T01:37:12.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-09T11:55:01.193",
"references": [
{
"source": "cve@mitre.org",
"url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars"
},
{
"source": "cve@mitre.org",
"url": "http://pwn2own.zerodayinitiative.com/status.html"
},
{
"source": "cve@mitre.org",
"url": "http://twitter.com/vupen/statuses/177895844828291073"
},
{
"source": "cve@mitre.org",
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pwn2own.zerodayinitiative.com/status.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://twitter.com/vupen/statuses/177895844828291073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the \"Drag-and-Drop Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante eventos de arrastrar y soltar, tambi\u00e9n conocidos como \"Vulnerabilidad de arrastrar y soltar\"."
}
],
"id": "CVE-2005-0053",
"lastModified": "2024-11-20T23:54:18.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698835"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/11466"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/11466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4864"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka \"Web Folder Behaviors Cross-Domain Vulnerability\"."
}
],
"id": "CVE-2005-1989",
"lastModified": "2024-11-20T23:58:33.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-10T04:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/14512"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A888"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-06 00:04
Modified
2024-11-21 00:16
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser\u0027s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker\u0027s control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running."
},
{
"lang": "es",
"value": "Internet Explorer 6 sobre Windows XP SP2 permite a un atacante remoto ejecutar c\u00f3digo JavaScript de su elecci\u00f3n en el contexto de una sesi\u00f3n del navegador con un servidor web intranet de su elecci\u00f3n, a trav\u00e9s de una secuencia de comandos de alojamiento de una web sobre un servidor web de Internet puede el atacante puede hacerlo inaccesibley tener un dominio bajo el control del atacante, lo cual puede forzar al navegador disminuir DNS que fija y realizar una nueva pregunta al DNS para el nombre de dominio despu\u00e9s de que la secuencia de comandos est\u00e9 ya funcionando."
}
],
"id": "CVE-2006-4560",
"lastModified": "2024-11-21T00:16:15.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-06T00:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://polyboy.net/xss/dnsslurp.html"
},
{
"source": "cve@mitre.org",
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/31329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://polyboy.net/xss/dnsslurp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-30 00:19
Modified
2024-11-21 00:29
Severity ?
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*",
"matchCriteriaId": "AA3A09BE-A21F-452A-AD64-D78DF3380832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "28628E93-4651-4857-A706-DE6FD3580C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "ECC01F98-D6F4-4E85-A955-073E60E90AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*",
"matchCriteriaId": "CE1C0272-4570-4F11-8414-12CB9D3BCEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*",
"matchCriteriaId": "FD093703-ADE8-4E8A-A709-FCDD038C7D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "035D5A83-D654-413E-8640-622F29B20DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*",
"matchCriteriaId": "A55C505B-9947-4265-AD6C-8DE0523B4D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*",
"matchCriteriaId": "E7A27C63-4B55-461B-8383-1A51688027B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*",
"matchCriteriaId": "7614879A-D4A3-47AD-B9ED-BF1215E639A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "B0311224-650D-4D20-AF33-59928355F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*",
"matchCriteriaId": "29EA0849-935B-4767-B9CE-3896D0975DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*",
"matchCriteriaId": "27E3BBCC-B815-4512-B786-17FFC1C09297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "54C7B5CA-D37E-4FDE-A900-B9EAE7ACA65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*",
"matchCriteriaId": "1A6229F8-7710-44FE-93DA-47AA4E09179E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*",
"matchCriteriaId": "AA73DF99-991C-4677-AAB7-C19FAB4405D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*",
"matchCriteriaId": "50A1A0E5-40BD-437C-A3F0-CC4BA3186DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "B5A46321-D38D-49CD-9A3A-AC1D9946EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*",
"matchCriteriaId": "47087873-68DF-418C-BFCD-5E8234560CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*",
"matchCriteriaId": "B7799481-E15D-4DAF-8EE7-63CECD0DF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*",
"matchCriteriaId": "4F2339C6-3BAA-48DD-BE2C-EA4271F35772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*",
"matchCriteriaId": "865CC1A8-4FCA-49EC-B402-56AB27BF8AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A2166C33-6596-433D-8510-9A90B1679C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*",
"matchCriteriaId": "9BC12FB3-5FCE-467F-B738-9D89B328BF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*",
"matchCriteriaId": "76BD407C-26BE-4C0E-9536-B93F1DA64124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "24F477B8-F69D-4F2D-9045-D2D453F3C222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*",
"matchCriteriaId": "6F7D5E7E-ABB8-4F0F-B1B4-93590933C124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*",
"matchCriteriaId": "49BBAFF8-FB79-44A6-8334-D0FA6B896495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FFAF1539-A847-4F54-B0EB-039E9BFF2562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*",
"matchCriteriaId": "99A41253-6047-4060-A966-454A46ECD415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*",
"matchCriteriaId": "99FCD96E-986C-4AD6-865C-CACE9FCA4E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "63A83ABE-7DB1-4A5E-9FA7-A273DCD65DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "28550D88-BD1A-464C-83C1-0EEC97FAA1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "584B16B3-6EA0-4C20-91BD-D988C667D89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*",
"matchCriteriaId": "82E4DD01-9720-4072-899C-3F0953490F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*",
"matchCriteriaId": "BB64666D-8DC2-4CF9-B6B6-98B97DA17F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*",
"matchCriteriaId": "B4F42327-FE64-4462-B354-95E9B2CDDAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*",
"matchCriteriaId": "A5EEE1A0-CD79-4458-8E6C-705F705AA06C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD86898-37BB-46C6-AC7E-0A733398E2D7",
"versionEndIncluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupci\u00f3n de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostr\u00f3 originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podr\u00eda ser un duplicado del CVE-2007-0038; si es as\u00ed, utilizar el CVE-2007-0038 en lugar de este identificador."
}
],
"id": "CVE-2007-1765",
"lastModified": "2024-11-21T00:29:05.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-30T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-12 20:17
Modified
2024-11-21 00:36
Severity ?
Summary
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen im\u00e1genes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript, como se ha demostrado con el URI de un recurso de imagen bitmap dentro de un archivo (1) .exe o (2) .dll."
}
],
"id": "CVE-2007-4848",
"lastModified": "2024-11-21T00:36:35.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-12T20:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37638"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-15 15:07
Modified
2024-11-21 00:21
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site\u0027s URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 7 permite a un atacante remoto a (1) provocar un certificado de seguridad desde un sitio web seguro aparece inv\u00e1lido a trav\u00e9s de un enlace a res://ieframe.dll/sslnavcancel.htm con \t\r\nel sitio objetivo en el identificador anchor, que exhibe el URL del sitio en la barra de direcci\u00f3n pero el Internet Explorer informa que el certificado es inv\u00e1lido, o (2) dispara \u201cla p\u00e1gina Web no existe\u201d a trav\u00e9s de un enlace a res://ieframe.dll/http_410.htm, una variante de CVE-2006-5805."
}
],
"id": "CVE-2006-5913",
"lastModified": "2024-11-21T00:21:05.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-15T15:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.blogger.com/comment.g?blogID=15069726\u0026postID=116257593427394541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE."
}
],
"id": "CVE-2004-2383",
"lastModified": "2024-11-20T23:53:13.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=77\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15337"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-22 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 4.5 | |
| microsoft | outlook_express | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*",
"matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the \"HTML Mail Attachment\" vulnerability."
}
],
"id": "CVE-2000-0036",
"lastModified": "2024-11-20T23:31:34.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-22T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ249082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp1_itanium:*:*:*:*:*",
"matchCriteriaId": "AB202F47-248D-4290-955F-D1304C6F2395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*",
"matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*",
"matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka \"HTML Rendering Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no espicificada en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante combinaciones del dise\u00f1o HTML manipuladas, tambi\u00e9n conocido como \"HTML Rendering Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2008-0076",
"lastModified": "2024-11-21T00:41:06.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-12T23:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/28903"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/27668"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1019379"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5487"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*",
"matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar."
}
],
"id": "CVE-2005-4717",
"lastModified": "2024-11-21T00:05:00.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kde | konqueror | 2.1.1 | |
| kde | konqueror | 2.1.2 | |
| kde | konqueror | 2.2.1 | |
| kde | konqueror | 2.2.2 | |
| kde | konqueror | 3.0 | |
| kde | konqueror | 3.0.1 | |
| kde | konqueror | 3.0.2 | |
| kde | konqueror | 3.0.3 | |
| kde | konqueror | 3.0.5 | |
| kde | konqueror | 3.0.5b | |
| kde | konqueror | 3.1 | |
| kde | konqueror | 3.1.1 | |
| kde | konqueror | 3.1.2 | |
| kde | konqueror | 3.1.3 | |
| kde | konqueror | 3.1.4 | |
| kde | konqueror | 3.1.5 | |
| kde | konqueror | 3.2.1 | |
| kde | konqueror | 3.2.3 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| mozilla | firefox | 0.9.2 | |
| suse | suse_linux | 1.0 | |
| suse | suse_linux | 8 | |
| suse | suse_linux | 8.1 | |
| suse | suse_linux | 8.2 | |
| suse | suse_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
"matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session. NOTE: it was later reported that 2.x is also affected."
},
{
"lang": "es",
"value": "Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como .ltd.uk, .plc.uk, y .sch.uk, lo que podr\u00eda permitir a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versi\u00f3n 2.X tambi\u00e9n se encuentra afectada por esta vulnerabilidad."
}
],
"id": "CVE-2004-0867",
"lastModified": "2024-11-20T23:49:34.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12580/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011331"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11186"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12580/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:09
Severity ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property."
}
],
"id": "CVE-2006-1719",
"lastModified": "2024-11-21T00:09:34.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430408/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430431/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25852"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-18 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
}
],
"id": "CVE-2000-0162",
"lastModified": "2024-11-20T23:31:51.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-02-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el Motor de Instalaci\u00f3n (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un sitio web maliciosos o correo electr\u00f3nico HTML."
}
],
"id": "CVE-2004-0216",
"lastModified": "2024-11-20T23:48:01.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637760"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/msinsengfull.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109760693512754\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110616383332055\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110619893620517\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/msinsengfull.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7865"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-10 19:05
Modified
2024-11-21 00:13
Severity ?
Summary
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*",
"matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*",
"matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 en Windows XP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una tabla con un frameset (conjunto de marcos) como hijo, esto provoca una referencia nula, como se ha demostrado utilizando el m\u00e9todo appendChild."
}
],
"id": "CVE-2006-3471",
"lastModified": "2024-11-21T00:13:41.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-10T19:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26837"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18873"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2701"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration."
}
],
"id": "CVE-2004-0979",
"lastModified": "2024-11-20T23:49:49.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630720"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-26 17:07
Modified
2024-11-21 00:19
Severity ?
Summary
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaking (%A0), y que causa que la barra de direcciones omita algunos caracteres de la URL."
}
],
"id": "CVE-2006-5544",
"lastModified": "2024-11-21T00:19:40.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-26T17:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/22542"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017122"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/347188"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/30022"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20728"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/22542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/347188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-24 20:02
Modified
2024-11-21 00:08
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors."
}
],
"id": "CVE-2006-1388",
"lastModified": "2024-11-21T00:08:44.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-24T20:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html"
},
{
"source": "cve@mitre.org",
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"source": "cve@mitre.org",
"url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19378"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015800"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/434641"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24095"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17181"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/434641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-14 00:07
Modified
2024-11-21 00:16
Severity ?
Summary
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en el DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) para el Internet Explorer 6.0 SP1 en chino y posiblemente en otras distribuciones de, permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de manipulaciones desconocidas en los argumentos del m\u00e9todo KeyFrame, relacionado posiblemente con un desbordamiento del n\u00famero entero, seg\u00fan lo demostrado por daxctle2, y una vulnerabilidad diferente a la CVE-2006-4446."
}
],
"id": "CVE-2006-4777",
"lastModified": "2024-11-21T00:16:44.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-09-14T00:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21910"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1577"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016854"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377369"
},
{
"source": "cve@mitre.org",
"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28842"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20047"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3593"
},
{
"source": "cve@mitre.org",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=2\u0026id=20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."
}
],
"id": "CVE-2006-1185",
"lastModified": "2024-11-21T00:08:15.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T23:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18957"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/17450"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-11 23:05
Modified
2024-11-21 00:13
Severity ?
Summary
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900.2180 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference."
},
{
"lang": "es",
"value": "danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) \t\r\npor acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un puntero a referencia NULL."
}
],
"id": "CVE-2006-3513",
"lastModified": "2024-11-21T00:13:47.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-11T23:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27013"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18902"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2719"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-02-19 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de d\u00ed\u00e1logo. Tambi\u00e9n conocida como \"Validac\u00edon de Seguridad Entre Dominios inapropiada con cuadro de di\u00e1logo\"."
}
],
"id": "CVE-2003-1326",
"lastModified": "2024-11-20T23:46:52.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-02-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11258.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6779"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11258.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad mediante: (1) uso del m\u00e9todo NavigateAndFind para descargar un fichero, (2) uso del m\u00e9todo window.open para cargar un fichero, (3) fijando la propriedad href en el tag base para la ventana _search, (4) cargando la venta de b\u00fasqueda en un Iframe, (5) capturando una URL de javascript en el hist\u00f3rico del navegador."
}
],
"id": "CVE-2003-0816",
"lastModified": "2024-11-20T23:45:35.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "cve@mitre.org",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/652452"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/771604"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/336937"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/652452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/771604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/336937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/348688 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/9335 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348688 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9335 | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script."
}
],
"id": "CVE-2004-2291",
"lastModified": "2024-11-20T23:52:58.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348688"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9335"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-12 20:28
Modified
2024-11-21 00:19
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF",
"versionEndIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtenci\u00f3n de informaci\u00f3n sensible a trav\u00e9s de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta absoluta de la carpeta TIF correspondiente, tambi\u00e9n conocido como \"TIF Folder Information Disclosure Vulnerability\" y es diferntes a la CVE-2006-5578."
}
],
"id": "CVE-2006-5577",
"lastModified": "2024-11-21T00:19:47.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-12T20:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/23288"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017374"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/30816"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/21507"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 4.0 | |
| microsoft | ie | 4.0.1 | |
| microsoft | ie | 4.0.1 | |
| microsoft | ie | 4.1 | |
| microsoft | ie | 4.1 | |
| microsoft | ie | 4.1 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | internet_explorer | 4.0.1 | |
| microsoft | internet_explorer | 4.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."
}
],
"id": "CVE-2001-1497",
"lastModified": "2024-11-20T23:37:49.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7592.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7592.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3563"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-15 19:30
Modified
2024-11-21 01:04
Severity ?
Summary
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*",
"matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer anteriores a v8 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXI\u00d3N (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes \"hombre en el medio\" ejecutar arbitrariamente una secuencia de comandos web modificando la respuesta CONEXI\u00d3N, tambi\u00e9n conocida como un ataque \"forzado SSL\"."
}
],
"id": "CVE-2009-2057",
"lastModified": "2024-11-21T01:04:01.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-15T19:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-07 16:02
Modified
2024-11-21 00:12
Severity ?
Summary
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
}
],
"id": "CVE-2006-2900",
"lastModified": "2024-11-21T00:12:21.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-07T16:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20449"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1059"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18308"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2161"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-09 23:28
Modified
2024-11-21 00:24
Severity ?
Summary
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "8DC0F5CD-84DF-4569-A651-438D968AA801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
},
{
"lang": "es",
"value": "Debordamiento de Entero en la implementaci\u00f3n (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de b\u00fafer, tambi\u00e9n conocido como la \"Vulnerabilidad de desbordamiento de b\u00fafer VML\"."
}
],
"id": "CVE-2007-0024",
"lastModified": "2024-11-21T00:24:47.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-01-09T23:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23677"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017489"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://support.microsoft.com/?kbid=929969"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/122084"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/31250"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21930"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/0105"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/0129"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.microsoft.com/?kbid=929969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/122084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/31250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\""
}
],
"id": "CVE-2002-1185",
"lastModified": "2024-11-20T23:40:46.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10662.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6216"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103970996205091\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10662.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "D2CFDA81-A703-4330-88B0-F3F18B3BB7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the \"Frame Domain Verification\" vulnerability."
}
],
"id": "CVE-2000-0768",
"lastModified": "2024-11-20T23:33:14.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1564"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicaci\u00f3n web mediante secuencias de atravesamiento de directorios \"%2e%2e\" (punto punto codificado) en una URL, lo que hace que Internet Explorer env\u00ede la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicaci\u00f3n vulnerable que corre en el mismo servidor que la aplicaci\u00f3n objetivo."
}
],
"id": "CVE-2003-0513",
"lastModified": "2024-11-20T23:44:54.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2024-11-21 00:16
Severity ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*",
"matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*",
"matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*",
"matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*",
"matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*",
"matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de Imjpcksid.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados. NOTA: este asunto podr\u00eda estar relacionado con CVE-2006-4193."
}
],
"id": "CVE-2006-4697",
"lastModified": "2024-11-21T00:16:34.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-13T22:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/753924"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31891"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/22486"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/753924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-03 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 9 | |
| microsoft | internet_explorer | * | |
| microsoft | internet_explorer | 3.0 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*",
"matchCriteriaId": "4594B15E-22ED-4DDE-B35A-2CF8F4629729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF2A1DF-843B-4276-AC4E-EF6BC3CACCA9",
"versionEndIncluding": "9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer versi\u00f3n 9 y anteriores, no restringen apropiadamente las acciones de arrastrar y soltar en zona cruzada, lo que permite a los atacantes remotos asistidos por el usuario leer archivos de cookies por medio de vectores que involucran un elemento IFRAME con un atributo SRC que contiene una URL http: que redirecciona hacia URL file:, como es demostrado por un juego de Facebook, relacionado con un problema de \"cookiejacking\", tambi\u00e9n se conoce como \"Drag and Drop Information Disclosure Vulnerability\". NOTA: esta vulnerabilidad se presenta debido a una correcci\u00f3n incompleta en la versi\u00f3n 9 de Internet Explorer."
}
],
"id": "CVE-2011-2383",
"lastModified": "2024-11-21T01:28:10.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-03T17:55:00.840",
"references": [
{
"source": "cve@mitre.org",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"source": "cve@mitre.org",
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"source": "cve@mitre.org",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"source": "cve@mitre.org",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"source": "cve@mitre.org",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"source": "cve@mitre.org",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"source": "cve@mitre.org",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"source": "cve@mitre.org",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
},
{
"source": "cve@mitre.org",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
],
"id": "CVE-2001-1489",
"lastModified": "2024-11-20T23:37:48.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/3684"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/3684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-26 23:28
Modified
2024-11-21 00:27
Severity ?
Summary
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set."
},
{
"lang": "es",
"value": "Los marcos hijo en Microsoft Internet Explorer 7 heredan el juego de caracteres de la ventana padre cuando un juego de caracteres no se ha especificado en una cabecera HTTP Content-Type o en una etiqueta META, lo cual permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) , como se demuestra usando el juego de caracteres UTF-7."
}
],
"id": "CVE-2007-1114",
"lastModified": "2024-11-21T00:27:33.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-26T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24314"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/32119"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22701"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.hardened-php.net/advisory_032007.142.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461076/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0744"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-05 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
],
"id": "CVE-2000-0518",
"lastModified": "2024-11-20T23:32:41.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-06-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/363202 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10348 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16147 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041."
},
{
"lang": "es",
"value": "La funci\u00f3n showHelp en Internet Explorer 6 en Windows XP Pro permite a atacantes remotos ejecutar ficheros .chm locales de su elecci\u00f3n mediante una barra invertida (\"\") doble antes del fichero .chm objetivo, como se ha demostrado usando una URL \"ms-its\" con ntshared.chm. NOTA: Este fallo puede solaparse con CAN-2003-1041."
}
],
"id": "CVE-2004-0475",
"lastModified": "2024-11-20T23:48:39.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10348"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/363202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the \"Plug-in Navigation Address Bar Spoofing Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 5.5 y 6 no manejan adecuadamente la navegaci\u00f3n con complementos (plug-in), lo que permite a atacantes remotos alterar la barra de navegaci\u00f3n mostrada y suplantar p\u00e1ginas web, facilitando ataques de \"phising\", tambi\u00e9n conocida como \"Vulnerabilidad de suplantaci\u00f3n de la barra de direcci\u00f3nes en navegaci\u00f3n en complemento\"."
}
],
"id": "CVE-2004-0843",
"lastModified": "2024-11-20T23:49:32.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625616"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7194"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-20 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window."
},
{
"lang": "es",
"value": "MS Internet Explorer para Unix 5.0SP1 permite a usuarios locales forzar una denegraci\u00f3n de servicio (crash) tanto en CDE como en servidor X de Solaris 2.6 a trav\u00e9s de maximizar la ventana o mostrar r\u00e1pidamente caracteres chinos."
}
],
"id": "CVE-2001-1218",
"lastModified": "2024-11-20T23:37:10.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/246611"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/246611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-31 23:04
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un objeto (1) Forms.ListBox.1 o (2) Forms.ListBox.1 con la propiedad ListWidth establecida a (a) 0x7fffffff, lo cual provoca una excepci\u00f3n de desbordamiento de entero, o a (b) 0x7ffffffe, lo cual provoca una referencia nula."
}
],
"id": "CVE-2006-3944",
"lastModified": "2024-11-21T00:14:46.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-31T23:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27372"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19113"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2954"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-11-11 05:00
Modified
2024-11-20 23:32
Severity ?
Summary
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 4.0 | |
| microsoft | ie | 4.0 | |
| microsoft | ie | 4.0.1 | |
| microsoft | ie | 4.0.1 | |
| microsoft | ie | 4.0.1 | |
| microsoft | ie | 4.1 | |
| microsoft | ie | 4.1 | |
| microsoft | ie | 4.1 | |
| microsoft | ie | 5 | |
| microsoft | ie | 5.0 | |
| microsoft | ie | 5.0 | |
| microsoft | ie | 5.0 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | outlook | 98 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook_express | 4.27.3110.1 | |
| microsoft | outlook_express | 4.72.2106.4 | |
| microsoft | outlook_express | 4.72.3120.0 | |
| microsoft | outlook_express | 4.72.3612.1700 | |
| microsoft | outlook_express | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*",
"matchCriteriaId": "52970A43-173E-477B-80BF-6FDBB6B0EECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.27.3110.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAE90D0-1637-49F4-8453-5E9959B55002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.2106.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D707B4FB-4BB2-4C84-851B-A8926AC26B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7769EE2E-A740-4AE8-B1B1-A5256C12601D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3612.1700:*:*:*:*:*:*:*",
"matchCriteriaId": "14B52779-4A43-4507-988F-5B5A81658FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F71D6D7-6CB2-4BE9-839A-A5714144029C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the \"Active Setup Control\" vulnerability."
}
],
"id": "CVE-2000-0329",
"lastModified": "2024-11-20T23:32:15.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "1999-11-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX BR549.DLL de Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2003-0530",
"lastModified": "2024-11-20T23:44:57.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/9580"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007538"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8454"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en el mont\u00edculo (heap) en plugin.ocx de Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrari mediante el m\u00e9todo Load(), una vulnerabilidad distinta de CAN-2003-0115."
}
],
"id": "CVE-2003-0233",
"lastModified": "2024-11-20T23:44:16.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11854.php"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105120164927952\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11854.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-06 01:05
Modified
2024-11-21 00:13
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| canon | network_camera_server_vb101 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference."
},
{
"lang": "es",
"value": "Vulnerabilidad en el navegador web Internet Explorer v6 de Microsoft que permite a atacantes remotos causar una denegaci\u00f3n de servicio (indisponibilidad de la aplicaci\u00f3n) asignando a la propiedad \"Filter\" (filtro) de un objeto ActiveX ADODB.Recordset ciertos valores varias veces, lo que dispara un de-referenciaci\u00f3n de un direcci\u00f3n (o puntero) nula."
}
],
"id": "CVE-2006-3354",
"lastModified": "2024-11-21T00:13:25.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-06T01:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26834"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18773"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-23 01:04
Modified
2024-11-21 00:14
Severity ?
Summary
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en URLMON.DLL en Microsoft Internet Explorer 6 SP1 en Windows 2000 y XP SP1, con versiones del parche MS06-042 anteriores al 24/08/2006, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL larga en un sitio web que utilice compresi\u00f3n HTTP 1.1."
}
],
"id": "CVE-2006-3869",
"lastModified": "2024-11-21T00:14:36.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T01:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21557"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/1441"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016731"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://support.microsoft.com/kb/923762/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/821156"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.microsoft.com/technet/security/advisory/923762.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.nsfocus.com/english/homepage/research/0608.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/28132"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19667"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/3356"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.microsoft.com/kb/923762/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/821156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.microsoft.com/technet/security/advisory/923762.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nsfocus.com/english/homepage/research/0608.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444241/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444319/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-20 02:28
Modified
2024-11-21 00:23
Severity ?
Summary
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EB05F7-D88A-40AA-A8CB-F76C449878AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML."
},
{
"lang": "es",
"value": "El control ActiveX Recipient de Microsoft Office Outlook (ole32.dll) en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de Internet Explorer 7) mediante una HTML artesanal."
}
],
"id": "CVE-2006-6659",
"lastModified": "2024-11-21T00:23:20.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-20T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017397"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://shinnai.altervista.org/viewtopic.php?id=41\u0026t_id=8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21649"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-11-01 05:00
Modified
2024-11-20 23:29
Severity ?
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 4.0 | |
| microsoft | internet_explorer | 3.0 | |
| microsoft | internet_explorer | 3.0.2 | |
| microsoft | internet_explorer | 3.1 | |
| microsoft | internet_explorer | 3.2 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | internet_explorer | 4.0.1 | |
| microsoft | internet_explorer | 4.1 | |
| microsoft | internet_explorer | 4.5 | |
| microsoft | internet_explorer | 5.0 | |
| netscape | navigator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*",
"matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D09FC21-1170-4399-8378-1D8353689C76",
"versionEndIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
}
],
"id": "CVE-1999-0827",
"lastModified": "2024-11-20T23:29:34.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "1999-11-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker\u0027s domain name is within the target\u0027s domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions."
}
],
"id": "CVE-2004-1527",
"lastModified": "2024-11-20T23:51:06.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13208"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11680"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110053968530613\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-23 00:06
Modified
2024-11-21 00:08
Severity ?
Summary
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer."
}
],
"id": "CVE-2006-1359",
"lastModified": "2024-11-21T00:08:40.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-23T00:06:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html"
},
{
"source": "secure@microsoft.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html"
},
{
"source": "secure@microsoft.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html"
},
{
"source": "secure@microsoft.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18680"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/secunia_research/2006-7/advisory/"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015812"
},
{
"source": "secure@microsoft.com",
"url": "http://www.ciac.org/ciac/bulletins/q-154.shtml"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.computerterrorism.com/research/ct22-03-2006"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/876678"
},
{
"source": "secure@microsoft.com",
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/24050"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/428441"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17196"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1050"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2006-7/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/q-154.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.computerterrorism.com/research/ct22-03-2006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/876678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428583/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429088/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429124/30/6120/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-02-19 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\""
},
{
"lang": "es",
"value": "La funci\u00f3n showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (a\u00f1adibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar c\u00f3digo arbitrario. Tambi\u00e9n conocida como \"Validaci\u00f3n de Seguridad entre dominios con funcionalidad showHelp\""
}
],
"id": "CVE-2003-1328",
"lastModified": "2024-11-20T23:46:53.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-02-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11259.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/400577"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6780"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11259.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/400577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excepci\u00f3n de desbordamiento de pila) a trav\u00e9s del objeto de ActiveX DXImageTransform.Microsoft.Gradient con una propiedad larga (1) StartColorStr o (2) EndColorStr."
}
],
"id": "CVE-2006-3657",
"lastModified": "2024-11-21T00:14:07.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-18T15:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27109"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19029"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | ip600_media_servers | * | |
| microsoft | ie | 6.0 | |
| avaya | definity_one_media_server | * | |
| avaya | s8100 | * | |
| avaya | modular_messaging_message_storage_server | s3400 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "CA7BA525-6DB8-4444-934A-932AFED69816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share."
},
{
"lang": "es",
"value": "Vulnerabilidad basada en la pila en el Programador de Tareas de Windows 2000 y XP, e Internet Explorer 6 en Windows NT 4.0 permite a atacantes remotos o locales ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .job conteniendo par\u00e1metros grandes, como se ha demostrado utlizando Internet Explorer y accediendo a un fichero .job en una carpeta de red compartida an\u00f3nimamente."
}
],
"id": "CVE-2004-0212",
"lastModified": "2024-11-20T23:48:00.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12060"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/228028"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/mstaskjob.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108981273009250\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108981403025596\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/228028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/mstaskjob.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-31 11:28
Modified
2024-11-21 00:26
Severity ?
Summary
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.0_ta3 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 7.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A086C4BD-F015-45F9-AF24-763F0FDF4268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference."
},
{
"lang": "es",
"value": "M\u00faltiples controles de ActiveX en el Microsoft Windows 2000, XP, 2003 y Vista permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del Internet Explorer) mediante el acceso a las propiedades bgColor, fgColor, linkColor, alinkColor, vlinkColor o defaultCharset en los objetos (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile o (11) wdfile objects en (a) mshtml.dll; o en los objetos (12) TriEditDocument.TriEditDocument o (13) TriEditDocument.TriEditDocument.1 en (b) triedit.dll, lo que provoca una referencia a un puntero NULO (NULL)."
}
],
"id": "CVE-2007-0612",
"lastModified": "2024-11-21T00:26:18.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-31T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32628"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2199"
},
{
"source": "cve@mitre.org",
"url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22288"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/458443/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31867"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-23 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 4.0 | |
| microsoft | internet_explorer | 3.0 | |
| microsoft | internet_explorer | 3.0.2 | |
| microsoft | internet_explorer | 3.1 | |
| microsoft | internet_explorer | 3.2 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | internet_explorer | 4.0.1 | |
| microsoft | internet_explorer | 4.1 | |
| microsoft | internet_explorer | 4.5 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*",
"matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function."
}
],
"id": "CVE-2000-0028",
"lastModified": "2024-11-20T23:31:33.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "1999-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka \"JPEG Image Rendering Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2005-1988",
"lastModified": "2024-11-20T23:58:33.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-08-10T04:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/965206"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/965206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A390"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-05 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "5680FE7F-95EE-46B2-B930-4A3DC27FD1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A7B6FB02-F15F-486D-8E7C-40830ABDB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "9CD5EAB0-B400-41C6-B96E-B7594DB0226F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different \"SSL Certificate Validation\" vulnerabilities."
}
],
"id": "CVE-2000-0519",
"lastModified": "2024-11-20T23:32:41.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-06-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4627"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help."
}
],
"id": "CVE-2004-0985",
"lastModified": "2024-11-20T23:49:50.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109829111200055\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109830296130857\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=109828076802478\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17824"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-14 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function."
}
],
"id": "CVE-2005-0110",
"lastModified": "2024-11-20T23:54:26.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-01-14T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=110569119106172\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg."
},
{
"lang": "es",
"value": "El descodificador de JPEG en Microsoft Internet Explorer permite que atacantes remotos causen una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda) y posiblemente ejecuten c\u00f3digo arbitrario mediante im\u00e1genes JPEG ama\u00f1adas. Queda demostrado usando (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, o (4) random.jpg."
}
],
"id": "CVE-2005-2308",
"lastModified": "2024-11-20T23:59:16.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lcamtuf.coredump.cx/crash"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/405298"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14284"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14285"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lcamtuf.coredump.cx/crash"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/405298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14286"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 y 6 permite a ciertas secuencias de comandos persistir a trav\u00e9s de navegaciones entre p\u00e1ginas, lo cual permite a un atacante remoto obtener la localizaci\u00f3n de ventana de p\u00e1ginas web visitadas en otros dominios o zonas, tambien conocido como \"Vulnerabilidad de acceso de la informaci\u00f3n de localizaci\u00f3n de ventana\"."
}
],
"id": "CVE-2006-3640",
"lastModified": "2024-11-21T00:14:05.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-09T00:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27850"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19339"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page."
},
{
"lang": "es",
"value": "Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas \"object\" devueltas por un servidor Web durante un una asociaci\u00f3n de datos XML, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un correo electr\u00f3nico HTML o una p\u00e1gina web."
}
],
"id": "CVE-2003-0809",
"lastModified": "2024-11-20T23:45:34.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7887"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8565"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:activex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEF84E6-3C24-4B73-96A4-467F5C03DB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp1_itanium:*:*:*:*:*",
"matchCriteriaId": "AB202F47-248D-4290-955F-D1304C6F2395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*",
"matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*",
"matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka \"Argument Handling Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el Control ActiveX (dxtmsft.dll) en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7, que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen manipulada, tambi\u00e9n conocida como \"Vulnerabilidad de memoria en el manejo de un argumento\""
}
],
"id": "CVE-2008-0078",
"lastModified": "2024-11-21T00:41:07.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-12T23:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/28903"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/27689"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1019381"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0512/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D3A4D9C5-A698-4523-8756-5D7EBAA47951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0E20E02-43B2-499B-ADDD-B5B7003894D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if \"Do not save encrypted pages to disk\" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0, Outlook 2002, y Outlook 2003 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) si est\u00e1 desactivado \"No guardar las p\u00e1ginas cifradas en el disco), mediante un sitio web o un mensaje de correo electr\u00f3nico que contenga dos caract\u00e9res nulos (%00) despu\u00e9s del nombre de m\u00e1quina."
}
],
"id": "CVE-2004-0284",
"lastModified": "2024-11-20T23:48:11.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9629"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107643134712133\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15127"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays."
}
],
"id": "CVE-2004-1198",
"lastModified": "2024-11-20T23:50:20.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/382257"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11751"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/382257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | outlook | 97 | |
| microsoft | outlook | 98 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2000 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2002 | |
| microsoft | outlook | 2003 | |
| microsoft | outlook_express | 4.0 | |
| microsoft | outlook_express | 4.01 | |
| microsoft | outlook_express | 4.27.3110 | |
| microsoft | outlook_express | 4.72.2106 | |
| microsoft | outlook_express | 4.72.3120.0 | |
| microsoft | outlook_express | 4.72.3612 | |
| microsoft | outlook_express | 5.0 | |
| microsoft | outlook_express | 5.0.1 | |
| microsoft | outlook_express | 5.5 | |
| microsoft | outlook_express | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:97:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D5CC3A-E880-4727-AEBE-1E4FE5A43AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*",
"matchCriteriaId": "52970A43-173E-477B-80BF-6FDBB6B0EECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8A343E57-CF86-4500-96D2-7172B93808BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BBE43EAE-9397-44E4-AE3D-44CEA47699DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*",
"matchCriteriaId": "52A5E941-25A7-405E-B330-8101D6829B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D3A4D9C5-A698-4523-8756-5D7EBAA47951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D0E20E02-43B2-499B-ADDD-B5B7003894D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ACCF73A2-FFD7-41E0-B1BF-E5B4590F51FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6764F97F-6906-4953-BB1C-AA6345FA8FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B2FEDFE4-ADD1-4B93-ABFC-0F04E0F6572E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.27.3110:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5A497C-D03E-4666-BFCE-632F9943DB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.2106:*:*:*:*:*:*:*",
"matchCriteriaId": "5D635E46-B428-498D-9C6C-7CA9EB397C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7769EE2E-A740-4AE8-B1B1-A5256C12601D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:4.72.3612:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C57670-B009-4C06-BAFD-B5212750F298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F71D6D7-6CB2-4BE9-839A-A5714144029C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A72832FD-812D-4175-AA50-DC1DDAD5B954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57C8ACA2-A3C6-4435-9C0C-B316879FE1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
},
{
"lang": "es",
"value": "Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL leg\u00edtimas en la barra de estado mediante etiquetas A HREF con valores \"alt\" modificados que apuntan al sitio leg\u00edtimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantaci\u00f3n para robo de datos (phising)."
}
],
"id": "CVE-2004-0526",
"lastModified": "2024-11-20T23:48:47.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10308"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108422905510713\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kurczaba.com/securityadvisories/0405132poc.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\""
}
],
"id": "CVE-2004-0869",
"lastModified": "2024-11-20T23:49:34.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityfocus.com/archive/1/375407"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011332"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityfocus.com/archive/1/375407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window\u0027s zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es a\u00f1adido al historial de p\u00e1ginas visitadas y es ejecutado en la zona de seguridad de la ventana principal cuando se usa el m\u00e9todo JavaScritp \"history.back\" (mostrar p\u00e1gina anterior), como se demostr\u00f3 por BackToFramedJpu."
}
],
"id": "CVE-2003-1026",
"lastModified": "2024-11-20T23:46:10.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-01-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/784102"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106979349517578\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/784102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-09 00:04
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 y 6 no identifica adecuadamente la zona de dominio que origina cuando maneja la redirecci\u00f3n, lo cual permite a un atacante remoto leer p\u00e1ginas web de dominios cruzados y posiblemente ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados que afectan a p\u00e1ginas web manipuladas, tambi\u00e9n conocido como \"Vulnerabilidad de Elemento Fuente de Cruce de Dominios\"."
}
],
"id": "CVE-2006-3639",
"lastModified": "2024-11-21T00:14:05.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-09T00:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27851"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19400"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 08:00
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 6 | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*",
"matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
"matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 en Windows XP SP2 y SP3, y 6 en Windows Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una p\u00e1gina web que dispara la presencia de un objeto en memoria que (1) no fue inicializado adecuadamente o (2) borrado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria sin inicializar\"."
}
],
"id": "CVE-2009-0552",
"lastModified": "2024-11-21T01:00:18.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-15T08:00:00.640",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/53625"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/34678"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022042"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window\u0027s \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el \"\"href\"\" al Javascript malicioso y a continuaci\u00f3n llamando al comando execCommand(\"\"Refresh\"\"). Tambi\u00e9n se la conoce como vulnerabilidad \"\"ExecCommand Cross Domain\"\" o BodyRefreshLoadsJPU ."
}
],
"id": "CVE-2003-0814",
"lastModified": "2024-11-20T23:45:34.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "cve@mitre.org",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/326412"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/326412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 08:00
Modified
2024-11-21 01:00
Severity ?
Summary
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*",
"matchCriteriaId": "1D12423F-FCCD-4F4C-9037-7607C1F1F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*",
"matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
"matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*",
"matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
"matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:32_bit:*:*:*:*:*",
"matchCriteriaId": "C4BFF042-5C0B-482A-915B-3B9A267D2D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*",
"matchCriteriaId": "1D12423F-FCCD-4F4C-9037-7607C1F1F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\""
},
{
"lang": "es",
"value": "Windows HTTP Services (tambi\u00e9n conocido como WinHTTP) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008; y WinINet en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 y 7 en Windows XP SP2 y SP3, 6 y 7 en Windows Server 2003 SP1 y SP2, 7 en Windows Vista Gold y SP1, y 7 en Windows Server 2008; permite a servidores web remotos capturar y reproducir credenciales NTLM, y ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores relacionados con la falta de \"protecciones credencial-reflexi\u00f3n\" paso opt-in, tambi\u00e9n conocido como \"Vulnerabilidad de Reflexi\u00f3n de Credencial en Servicios HTTP de Windows\" y \"Vulnerablidad de Reflexi\u00f3n de Credencial WinINet\"."
}
],
"id": "CVE-2009-0550",
"lastModified": "2024-11-21T01:00:17.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-15T08:00:00.593",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/53619"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/34677"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/34678"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/34439"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022041"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=871138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos acceder a y ejecutar script en el dominio \"Mi PC\" usando la cach\u00e9 del navegador; tambi\u00e9n llamada vulnerabilidad \"Ejecuci\u00f3n de scritp en el navegador en la zona Mi PC\"."
}
],
"id": "CVE-2003-0531",
"lastModified": "2024-11-20T23:44:57.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/9580"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8457"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2024-11-21 00:34
Severity ?
Summary
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0.5730.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of \"Uninitialized Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de objetos no inicializados o eliminados usados en llamadas repetidas a la funci\u00f3n de JavaScript (1) cloneNode o (2) nodeValue, un problema diferente de CVE-2007-3902 y CVE-2007-5344, una variante de \"Uninitialized Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2007-3903",
"lastModified": "2024-11-21T00:34:20.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26816"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484888/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A140A10-720D-4FF5-9559-184D9AC33509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "162EA244-0CED-44BF-9857-13127C833FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:symposium_web_centre_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F13410-3380-4CB8-9E20-92E14B85ADC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:symposium_web_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "872353DB-616C-46F8-99F1-7C7B56DEF34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by \"wottapoop.html\"."
}
],
"id": "CVE-2004-0839",
"lastModified": "2024-11-20T23:49:32.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109303291513335\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109336221826652\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/526089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el m\u00e9todo createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el m\u00e9todo createRange y usando el di\u00e1logo FIND para seleccionar texto, como se demuestra usando Findeath. Tambi\u00e9n se la conoce como vulnerabilidad \"\"Function Pointer Override Cross Domain\"\"."
}
],
"id": "CVE-2003-0815",
"lastModified": "2024-11-20T23:45:34.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-021.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7888"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7889"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9014"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106321757619047\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106322542104656\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-021.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-10 20:05
Modified
2024-11-21 00:13
Severity ?
Summary
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0 y 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una p\u00e1gina HTML con una etiqueta A que contiene un atributo de t\u00edtulo largo. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2006-3472",
"lastModified": "2024-11-21T00:13:41.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-10T20:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/30822"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18820"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.2.3 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 7.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF4D6428-CD8B-4155-A876-89B0938AC02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable."
}
],
"id": "CVE-2004-1155",
"lastModified": "2024-11-20T23:50:14.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/13251/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22628"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/secunia_research/2004-13/advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/13251/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2004-13/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11855"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka \"DHTML Object Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2005-0553",
"lastModified": "2024-11-20T23:55:23.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14922/"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/774338"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14922/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/774338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4985"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object."
},
{
"lang": "es",
"value": "Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML."
}
],
"id": "CVE-2003-0817",
"lastModified": "2024-11-20T23:45:35.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9012"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kde | konqueror | 2.1.1 | |
| kde | konqueror | 2.1.2 | |
| kde | konqueror | 2.2.1 | |
| kde | konqueror | 2.2.2 | |
| kde | konqueror | 3.0 | |
| kde | konqueror | 3.0.1 | |
| kde | konqueror | 3.0.2 | |
| kde | konqueror | 3.0.3 | |
| kde | konqueror | 3.0.5 | |
| kde | konqueror | 3.0.5b | |
| kde | konqueror | 3.1 | |
| kde | konqueror | 3.1.1 | |
| kde | konqueror | 3.1.2 | |
| kde | konqueror | 3.1.3 | |
| kde | konqueror | 3.1.4 | |
| kde | konqueror | 3.1.5 | |
| kde | konqueror | 3.2.1 | |
| kde | konqueror | 3.2.3 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| mozilla | firefox | 0.9.2 | |
| suse | suse_linux | 1.0 | |
| suse | suse_linux | 8 | |
| suse | suse_linux | 8.1 | |
| suse | suse_linux | 8.2 | |
| suse | suse_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
"matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
}
],
"id": "CVE-2004-0866",
"lastModified": "2024-11-20T23:49:34.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11186"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1011332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the \"Channel Definition Format (CDF) Cross Domain Vulnerability.\""
}
],
"id": "CVE-2005-0056",
"lastModified": "2024-11-20T23:54:18.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013126"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823971"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/12427"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/12427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4947"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-21 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "45091F51-BA28-4FEB-9F84-58AC2E1DB48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EB05F7-D88A-40AA-A8CB-F76C449878AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software\u0027s manufacturer is Microsoft."
}
],
"id": "CVE-2000-0160",
"lastModified": "2024-11-20T23:31:51.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2000-02-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-02-15\u0026msg=20000221103938.T21312%40securityfocus.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 6 en sistemas de Juego de Caract\u00e9res de Byte Doble (BDCS) permite a atacantes remotos alterar la barra de direcciones mostrada y suplantar p\u00e1ginas web mediante una URL conteniendo caracteres especiales, lo que facilita ataques de phising, tambi\u00e9n llamada \"Vulnerabilidad de suplantaci\u00f3n de barra de direcciones en sistemas con juegos de caract\u00e9res de doble byte\""
}
],
"id": "CVE-2004-0844",
"lastModified": "2024-11-20T23:49:33.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/431576"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/431576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)."
},
{
"lang": "es",
"value": "Internet Explorer permite a atacantes remotos saltarse restricciones de zona para inyectar y ejecutar programas arbitrarios creando una ventana emergente e insertando un objeto ActiveX con una etiqueta \"data\" apuntando al c\u00f3digo maliciosos, que Internet Explorer trata como HTML o JavaScript, pero luego ejecuta como una aplicaci\u00f3n .HTA; una vulnerabilidad diferente de CAN-2003-0532, y explotada por el virus QHosts."
}
],
"id": "CVE-2003-0838",
"lastModified": "2024-11-20T23:45:38.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7872"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8556"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106304733121753\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106304876523459\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=106302799428500\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0310\u0026L=ntbugtraq\u0026F=P\u0026S=\u0026P=2169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el rat\u00f3n a otras ventanas usando cacheado de m\u00e9todos (SaveRef) para acceder al m\u00e9todo window.moveBy, que es de otra manera inaccesible, como se demostr\u00f3 por HijackClickV2."
}
],
"id": "CVE-2003-1027",
"lastModified": "2024-11-20T23:46:10.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1006036"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106979479719446\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1006036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027."
},
{
"lang": "es",
"value": "Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del rat\u00f3n a otras ventenas, mediante llamada al m\u00e9todo window.moveBy. Tambi\u00e9n se la conoce como vulnerabilidad HijackClick"
}
],
"id": "CVE-2003-0823",
"lastModified": "2024-11-20T23:45:36.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1006036"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106322197932006\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/337086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1006036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera."
}
],
"id": "CVE-2003-0113",
"lastModified": "2024-11-20T23:43:59.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/169753"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105138417416900\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105718285107246\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/169753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-19 01:28
Modified
2024-11-21 00:25
Severity ?
Summary
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| common_controls_replacement_project | foldertreeview_activex_control | * | |
| microsoft | ie | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:common_controls_replacement_project:foldertreeview_activex_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29F98C8E-9D77-4A14-AFF4-3516DD3A5676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value."
},
{
"lang": "es",
"value": "The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Control ActiveX (ccrpftv6.ocx) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Internet Explorer 7) mediante un valor de propiedad CCRP.RootFolder largo."
}
],
"id": "CVE-2007-0356",
"lastModified": "2024-11-21T00:25:39.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-19T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22092"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-10-30 05:00
Modified
2024-11-20 23:35
Severity ?
Summary
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF",
"versionEndIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\""
}
],
"id": "CVE-2001-0665",
"lastModified": "2024-11-20T23:35:52.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1972"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3421"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-03 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*",
"matchCriteriaId": "4594B15E-22ED-4DDE-B35A-2CF8F4629729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*",
"matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*",
"matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*",
"matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*",
"matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a trav\u00e9s de diferentes zonas de seguridad, lo que permite leer archivos de cookies a atacantes remotos asistidos por el usuario a trav\u00e9s de vectores que implican un elemento IFRAME con un atributo SRC que contiene una URL file:, como lo demuestra un juego de Facebook, relacionado con un problema de \"cookiejacking\"."
}
],
"id": "CVE-2011-2382",
"lastModified": "2024-11-21T01:28:10.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-03T17:55:00.763",
"references": [
{
"source": "cve@mitre.org",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"source": "cve@mitre.org",
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"source": "cve@mitre.org",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"source": "cve@mitre.org",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"source": "cve@mitre.org",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"source": "cve@mitre.org",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"source": "cve@mitre.org",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"source": "cve@mitre.org",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"source": "cve@mitre.org",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:01
Severity ?
Summary
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."
}
],
"id": "CVE-2005-3240",
"lastModified": "2024-11-21T00:01:25.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18787"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015049"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2707"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16352"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-17 01:04
Modified
2024-11-21 00:15
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0 SP1 y posiblemente otras versiones permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanciando objetos COM como controles ActiveX, incluyendo (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), y (3) msoe.dll (Outlook), lo que lleva a una corrupci\u00f3n de memoria. NOTA: no est\u00e1 confirmado si este problema est\u00e1 en Internet Explorer o en los archivos DLL individuales."
}
],
"id": "CVE-2006-4193",
"lastModified": "2024-11-21T00:15:21.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-17T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1402"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29345"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29346"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29347"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19521"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19529"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19530"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443290/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443295/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28439"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-14 21:07
Modified
2024-11-21 00:16
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 hasta 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante combinaciones de dise\u00f1o artesanales implicando etiquetas DIV y propiedades float de HTML CSS que disparan una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria al traducir HTML\"."
}
],
"id": "CVE-2006-4687",
"lastModified": "2024-11-21T00:16:33.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-11-14T21:07:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017223"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/197852"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31323"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/21020"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/4505"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/197852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/451590/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/4505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-01-04 05:00
Modified
2024-11-20 23:29
Severity ?
Summary
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 3.0 | |
| microsoft | ie | 3.1 | |
| microsoft | ie | 4.0 | |
| microsoft | internet_explorer | 4.0 | |
| microsoft | internet_explorer | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EB817B2B-6F65-4989-9177-153518F32894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 4.0 via EMBED tag."
}
],
"id": "CVE-1999-0876",
"lastModified": "2024-11-20T23:29:44.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-01-04T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959"
},
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ185959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/support/kb/articles/q176/6/97.asp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | ip600_media_servers | * | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| avaya | definity_one_media_server | * | |
| avaya | s3400 | * | |
| avaya | s8100 | * | |
| avaya | modular_messaging_message_storage_server | 1.1 | |
| avaya | modular_messaging_message_storage_server | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from \"memory corruption\") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the \"\u003cSTYLE\u003e@;/*\" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the \"CSS Heap Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n por \"corrupci\u00f3n de memoria\") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena \"\u003cSTYLE\u003e@;/*\", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inv\u00e1lida que dispare una operaci\u00f3n de copia de memoria grande."
}
],
"id": "CVE-2004-0842",
"lastModified": "2024-11-20T23:49:32.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12806"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109107496214572\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=109060455614702\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=109102919426844\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/p-006.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.ecqurity.com/adv/IEstyle.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/291304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/exploits/5NP042KF5A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-15 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin."
}
],
"id": "CVE-2004-1686",
"lastModified": "2024-11-20T23:51:29.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11200"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109539520310153\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20617"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "2277E59E-D981-4D9D-8FC0-F124FB8B9C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "C6CB69E1-189F-425C-9023-DE2741669507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "B1C0170E-9574-4C90-94F3-F2C2851E2917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*",
"matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "D4A15873-B3D2-4017-99CF-E3625FD227F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "55EAB232-C39A-4737-85F3-3D727C727F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:macos:*:*:*:*:*",
"matchCriteriaId": "D3F350E9-3677-43B3-984F-DA39397D6885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 5.1 para Macintosh permite a atacantes remotos evadir comprobaciones de seguridad e invocar AppleScripts locales dentro de un elemento HTML espec\u00edfico. Tambien conocido como vulnerabilidad de \"Invocaci\u00f3n local de AppleScript\""
}
],
"id": "CVE-2002-0153",
"lastModified": "2024-11-20T23:38:26.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-04-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8851.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5356"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/251805"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3935"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8851.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/251805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_access_components | 2.1 | |
| microsoft | data_access_components | 2.5 | |
| microsoft | data_access_components | 2.6 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BFD086-7F94-4482-AC27-E4FAD418B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49A5B686-0B8A-4904-8166-24D899D24ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "01EAE3CC-D507-40A4-9198-873EE0E3DCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en el componente Remote Data Services (RDS) - Servicios de Datos Remotos de Microsoft Data Access Components (MDAC) 2.1 a 2.6, y en Internet Explorer 5.01 a 6.0 permite a atacantes remotos ejecutar c\u00f3digo mediante una petici\u00f3n HTTP malformada al toc\u00f3n (stub de datos)."
}
],
"id": "CVE-2002-1142",
"lastModified": "2024-11-20T23:40:41.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-11-29T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/542081"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6214"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/542081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer 5.01 SP3 a 6.0 SP1 no determina adecuadamente tipos de objetos devueltos por los servidores web, lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una etiqueta \"object\" con un par\u00e1metro de datos a un fichero malicioso almacenado en un servidor que devuelve un \"Content-Type\" inseguro; tambi\u00e9n llamada vulnerabilidad de \"Tipo de Objeto\"."
}
],
"id": "CVE-2003-0532",
"lastModified": "2024-11-20T23:44:57.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106149026621753\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute."
}
],
"id": "CVE-2003-1484",
"lastModified": "2024-11-20T23:47:16.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3292"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/320544"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7502"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/320544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-06 05:00
Modified
2024-11-20 23:30
Severity ?
Summary
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol."
}
],
"id": "CVE-1999-0989",
"lastModified": "2024-11-20T23:30:00.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/861"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s del acceso a referencia a objeto de un objeto Active X FolderItem, el cual dispara un referencia null en la validaci\u00f3n de seguridad."
}
],
"id": "CVE-2006-3658",
"lastModified": "2024-11-21T00:14:07.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-18T15:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27059"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2814"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27760"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2800.1106 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP."
},
{
"lang": "es",
"value": "Internet Explorer 6.0.2800.1106 sobre Windows XP y posiblemente otras versiones, permite a atacantes remotos suplantar el tipo de un de un fichero mediante un especificador CLSID en el nombre del fichero."
}
],
"id": "CVE-2004-0420",
"lastModified": "2024-11-20T23:48:33.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10736/"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/106324"
},
{
"source": "cve@mitre.org",
"url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/351379"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9510"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10736/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/106324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.security-express.com/archives/bugtraq/2004-01/0300.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/351379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3604"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-02 10:18
Modified
2024-11-21 00:12
Severity ?
Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file."
}
],
"id": "CVE-2006-2766",
"lastModified": "2024-11-21T00:12:01.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-02T10:18:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20384"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016654"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/891204"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25949"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18198"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2088"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/891204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435492/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435609/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435616/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-28 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE."
}
],
"id": "CVE-2005-1791",
"lastModified": "2024-11-20T23:58:08.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111746303509720\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13798"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-08 23:19
Modified
2024-11-21 00:27
Severity ?
Summary
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*",
"matchCriteriaId": "C0507FBE-8679-4CE3-946A-E91CD8DAEC41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
"matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
"matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*",
"matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*",
"matchCriteriaId": "C0507FBE-8679-4CE3-946A-E91CD8DAEC41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
"matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
"matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
"matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*",
"matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly \"instantiate certain COM objects as ActiveX controls,\" which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer versi\u00f3n 5.01 SP4 en Windows 2000 SP4; versi\u00f3n 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versi\u00f3n 7 en Windows Vista \"instantiate certain COM objects as ActiveX controls\" inapropiadamente, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll."
}
],
"id": "CVE-2007-0942",
"lastModified": "2024-11-21T00:27:07.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-08T23:19:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23769"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/34399"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:04
Severity ?
Summary
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/17565 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17565 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site."
}
],
"id": "CVE-2005-4679",
"lastModified": "2024-11-21T00:04:54.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17565"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2024-11-21 00:00
Severity ?
Summary
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the \"Run\" button, aka \"File Download Dialog Box Manipulation Vulnerability.\""
},
{
"lang": "es",
"value": "M\u00faltiples errores de dise\u00f1o en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualizaci\u00f3n del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el bot\u00f3n \"Ejecutar\", tcc \"Vulnerabilidad de Manipulaci\u00f3n de Cuadro de Descarga de Fichero\".\r\n"
}
],
"id": "CVE-2005-2829",
"lastModified": "2024-11-21T00:00:30.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-12-14T11:03:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15368"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18064"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18311"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-21/advisory"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-7/advisory/"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/254"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015349"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15823"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "secure@microsoft.com",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=113450519906463\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-21/advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-7/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419395/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1507"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 8.0b | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica Print Table of Links de Internet Explorer 6.0, 7.0 y 8.0b permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML en la Zona de M\u00e1quina Local mediante un documento HTML con un enlace que contiene secuencias JavaScript, que se eval\u00faan por un script de recurso cuando un usuario imprime el documento."
}
],
"id": "CVE-2008-2281",
"lastModified": "2024-11-21T00:46:30.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30141"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29217"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1529/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1529/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5619"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-14 21:17
Modified
2024-11-21 00:27
Severity ?
Summary
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Internet Explorer versiones 5.01 y 6 SP1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de cadenas de Cascading Style Sheets (CSS) dise\u00f1adas que desencadenan una corrupci\u00f3n de memoria durante el an\u00e1lisis, relacionados con el uso de punteros fuera de l\u00edmites."
}
],
"id": "CVE-2007-0943",
"lastModified": "2024-11-21T00:27:07.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-14T21:17:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26419"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1018562"
},
{
"source": "secure@microsoft.com",
"url": "http://www.nsfocus.com/english/homepage/research/0701.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/36397"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/25288"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2869"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nsfocus.com/english/homepage/research/0701.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/36397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-15 19:30
Modified
2024-11-21 01:04
Severity ?
Summary
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C26125C2-2476-43E8-8878-8C1A5A8B244F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "226A1B77-A80E-4ADE-8318-749CD1AD7CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*",
"matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer anterior a 8 muestra un certificado cacheado para una p\u00e1gina de respuesta CONEXI\u00d3N (1) 4xx o (2) 5xx por un servidor proxy, lo que permite a los atacantes \"hombre en el medio\" suplantar una p\u00e1gina https permitiendo al navegador obtener un certificado v\u00e1lido desde esta p\u00e1gina, durante una petici\u00f3n, y enviando al navegador una p\u00e1gina de repuesta 502 manipulada sobre la subsiguiente petici\u00f3n."
}
],
"id": "CVE-2009-2069",
"lastModified": "2024-11-21T01:04:03.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-15T19:30:05.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site."
},
{
"lang": "es",
"value": "Internet Explorer 5.01, 5.5, y 6 no hace cach\u00e9 adecuadamente de contenido SSL, lo que permite a atacantes remotos obtener informaci\u00f3n o suplantar contenido mediante un sitio web con el mismo nombre de m\u00e1quina como el sitio web objetivo, cuyo contenido es almacenado en cach\u00e9 y reutilizado cuando el usuario visita el sitio web objetivo."
}
],
"id": "CVE-2004-0845",
"lastModified": "2024-11-20T23:49:33.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/795720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109770364504803\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/795720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2024-11-21 00:25
Severity ?
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*",
"matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*",
"matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*",
"matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."
},
{
"lang": "es",
"value": "El c\u00f3digo del cliente FTP wininet.dll en Microsoft Internet Explorer 5.01 y 6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta FTP del servidor de una longitud espec\u00edfica que provoca que el byte nulo de terminaci\u00f3n sea escrito fuera del b\u00fafer, lo cual provoca la corrupci\u00f3n de la pila."
}
],
"id": "CVE-2007-0217",
"lastModified": "2024-11-21T00:25:16.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-13T22:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613564"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31892"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/22489"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1017642"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/613564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-18 19:04
Modified
2024-11-21 00:15
Severity ?
Summary
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN."
},
{
"lang": "es",
"value": "El objeto COM de Servicios de Terminal (tsuserex.dll) permite a atacantes remotos provocar unad enegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanci\u00e1ndolo como un objeto ActiveX en Internet Explorer 6.0 SP1 en Microsoft Windows 2003 EE SP1 CN."
}
],
"id": "CVE-2006-4219",
"lastModified": "2024-11-21T00:15:25.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-18T19:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1403"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19570"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443493/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28444"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type \"text/html\" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion."
}
],
"id": "CVE-2002-1714",
"lastModified": "2024-11-20T23:41:56.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/268776"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4564"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/268776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8904"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2024-11-21 00:11
Severity ?
Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "3F633513-6E9A-4F2D-964A-6AFDE5307AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4ED8947F-2490-41CA-A7B3-2C93D69C3F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6E3EB90-92C9-4B69-B58C-087D382DC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AF27C8-C2FA-477D-8332-B96277530B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "4E9E190B-A109-4177-A5B5-7BD32573762E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
"matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption."
}
],
"id": "CVE-2006-2378",
"lastModified": "2024-11-21T00:11:11.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-13T19:06:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20605"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016292"
},
{
"source": "secure@microsoft.com",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923236"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/26432"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18394"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/2320"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-03 21:30
Modified
2024-11-21 00:33
Severity ?
Summary
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Microsoft Internet Explorer versi\u00f3n 6.0 y versi\u00f3n 7.0 permite a atacantes remotos rellenar Zonas con dominios de su elecci\u00f3n utilizando determinados metacaracteres tales como comodines mediante JavaScript, lo cual resulta en una denegaci\u00f3n de servicio (supresi\u00f3n de sitios web y agotamiento de recursos), tambi\u00e9n conocida como \"Internet Explorer Zone Domain Specification Dos and Page Suppressing\". NOTA: esta cuesti\u00f3n ha sido discutida por una tercera parte, la cual establece que la configuraci\u00f3n de la zona no puede ser manipulada."
}
],
"id": "CVE-2007-3550",
"lastModified": "2024-11-21T00:33:30.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-03T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45814"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2855"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/473662"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/24744"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.secniche.org/advisory/Internet_Dos_Adv.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472651/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/473662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485536/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/24744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35455"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
},
{
"lang": "es",
"value": "Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"."
}
],
"id": "CVE-2004-0719",
"lastModified": "2024-11-20T23:49:14.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11966"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11978"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-27 22:03
Modified
2024-11-21 00:05
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054."
}
],
"id": "CVE-2006-0057",
"lastModified": "2024-11-21T00:05:33.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-27T22:03:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/998297"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/23657"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/16409"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/998297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24379"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2024-11-21 00:37
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.x | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.2.3 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0.5730.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via \"unexpected method calls to HTML objects,\" aka \"DHTML Object Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 hasta la 7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de \"llamadas a m\u00e9todos no esperados de objetos HTML\", tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de objeto de memoria DHTML\"."
}
],
"id": "CVE-2007-5347",
"lastModified": "2024-11-21T00:37:42.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/28036"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26427"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2024-11-21 00:13
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n usando la funci\u00f3n Javascript document.getElementByID para acceder a elementos de Hojas de Estilo en Cascada (CSS) manipulados, y posiblemente otros vectores no especificados relacionados con determinadas combinaciones de posicionamiento en el dise\u00f1o de un archivo HTML."
}
],
"id": "CVE-2006-3450",
"lastModified": "2024-11-21T00:13:38.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-08T23:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/119180"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27855"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19312"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/119180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-08 23:05
Modified
2024-11-21 00:43
Severity ?
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "5B5F31E2-2060-45BC-9724-A447544905E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "574EE6CB-7AF4-4DE2-B668-36BBCB19FCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "BE2858A5-C9BF-40D8-B3D2-056562BF1C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "75234062-241B-421A-B7BC-610A5B0D8EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "82D6ABD4-C607-44E8-8D84-25406AE0F3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "379FE901-58AC-4F47-9B3B-9A40D723CC88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "EC18DBBB-9C9E-4532-B390-92C35E52943A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "49C8060E-CFB9-4EEA-B5B9-B7607B046AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "FB17CABD-21BE-454F-9602-19DB444A574C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2:*:*:*:*:*",
"matchCriteriaId": "3994AE83-EC42-4893-AF51-BC98F35A53CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_sp2_itanium:*:*:*:*:*",
"matchCriteriaId": "33F4B074-7BA5-4A36-A866-945D771D2EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition:*:*:*:*:*",
"matchCriteriaId": "491333D2-FDB1-4FC8-B54C-19E06B57FC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2003_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "E8453618-EDD7-41F4-840E-AA323A873B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_itanium_edition:*:*:*:*:*",
"matchCriteriaId": "35B0471D-79F8-4DB8-B777-57054CE11B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_x32_edition:*:*:*:*:*",
"matchCriteriaId": "DE97ECE1-417A-4E5D-A4A6-730C10694397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_server_2008_x64_edition:*:*:*:*:*",
"matchCriteriaId": "DCD51C3D-0A76-4552-A292-448C65859ED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista:*:*:*:*:*",
"matchCriteriaId": "E5E8CC5B-B8E9-4B54-AE32-4632E77F0320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_vista_x64:*:*:*:*:*",
"matchCriteriaId": "EA7D9655-718E-42D6-9752-64BA3AAC5546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition:*:*:*:*:*",
"matchCriteriaId": "8E5B894F-6E15-46DA-93B4-EAB9468D37A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:windows_xp_professional_x64_edition_sp2:*:*:*:*:*",
"matchCriteriaId": "CCE0AF0B-DF2A-4F3F-8F5C-0E4056A34229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en Microsoft Internet Explorer 5.01 SP4, 6 hasta SP1, y 7, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena de datos manipulada que provoca una corrupci\u00f3n de memoria, tal como se ha demostrado utilizando un MIME-type no v\u00e1lido que no conten\u00eda un manejador registrado."
}
],
"id": "CVE-2008-1085",
"lastModified": "2024-11-21T00:43:38.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-08T23:05:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27707"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-100/advisory/"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/28552"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1019801"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/1148/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-100/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490840/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1148/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference."
},
{
"lang": "es",
"value": "Internet Explorer 6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante Javascritp que crea una ventana emergente y desactiva la funcionalidad imagetoolbar con una etiqueta META, lo que dispara una desreferencia nula."
}
],
"id": "CVE-2004-0479",
"lastModified": "2024-11-20T23:48:40.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vuln-dev\u0026m=108457938412310\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vuln-dev\u0026m=108476938219070\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-31 23:04
Modified
2024-11-21 00:14
Severity ?
Summary
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en NDFXArtEffects de Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante propiedades largas (1) RGBExtraColor, (2) RGBForeColor, y (3) RGBBackColor."
}
],
"id": "CVE-2006-3943",
"lastModified": "2024-11-21T00:14:46.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-07-31T23:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27530"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19184"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | ip600_media_servers | * | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| avaya | definity_one_media_server | * | |
| avaya | s3400 | * | |
| avaya | s8100 | * | |
| avaya | modular_messaging_message_storage_server | 1.1 | |
| avaya | modular_messaging_message_storage_server | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka \"HijackClick 3\" and the \"Script in Image Tag File Download Vulnerability.\""
},
{
"lang": "es",
"value": "Internet Explorer 6.x permite a atacantes remotos instalar programas de su elecci\u00f3n mediante eventos mousedown que llaman al m\u00e9todo Popup.show y usan acciones \"arrastrar y soltar\" en una ventana emergente, tambi\u00e9n conocida como \"HijackClick 3\" y la \"Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen\""
}
],
"id": "CVE-2004-0841",
"lastModified": "2024-11-20T23:49:32.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12048"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010679"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7774"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/413886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/368652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/368666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8077"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-20 17:30
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 8.0.7600.16385 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicaci\u00f3n mail en situaciones d\u00f3nde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (lanzamiento de demasiadas aplicaciones) a trav\u00e9s de un documento HTML con varios elementos IFRAME"
}
],
"id": "CVE-2010-1991",
"lastModified": "2024-11-21T01:15:39.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-20T17:30:01.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/4206/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/4206/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-08 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka \"CSSXSS\" and \"CSS Cross-Domain Information Disclosure Vulnerability.\""
}
],
"id": "CVE-2005-4089",
"lastModified": "2024-11-21T00:03:29.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-08T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17564"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.hacker.co.il/security/ie/css_import.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15660"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2804"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.hacker.co.il/security/ie/css_import.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2024-11-21 00:00
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticaci\u00f3n b\u00e1sica, env\u00eda la URL en texto claro, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, tcc \"Vulnerabilidad proxy HTTPS\""
}
],
"id": "CVE-2005-2830",
"lastModified": "2024-11-21T00:00:31.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-14T11:03:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/15368"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18064"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/18311"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015350"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15825"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "secure@microsoft.com",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=375420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-23 01:04
Modified
2024-11-21 00:15
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un atributo Color largo en m\u00faltiples objetos DirectX Media Image DirectX Transforms ActiveX COM de (a) dxtmsft.dll y (b) dxtmsft3.dll, incluyendo (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1 y (3) DX3DTransform.Microsoft.Shapes.1."
}
],
"id": "CVE-2006-4301",
"lastModified": "2024-11-21T00:15:37.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1439"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29524"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29525"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19640"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks."
}
],
"id": "CVE-2005-0500",
"lastModified": "2024-11-20T23:55:16.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14335"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/12602"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=110895997201027\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/12602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19452"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-11 22:05
Modified
2024-11-21 00:13
Severity ?
Summary
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*",
"matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read."
},
{
"lang": "es",
"value": "The Remote Data Service Object (RDS.DataControl) de Microsoft Internet Explorer 6 en Windows 2000 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de series de operaciones que resultan en una longitud de c\u00e1lculo no v\u00e1lida cuando se utiliza SysAllocStringLen, entonces se dispara una sobre-lectura de b\u00fafer."
}
],
"id": "CVE-2006-3510",
"lastModified": "2024-11-21T00:13:47.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-11T22:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26955"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18900"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2718"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-18 02:02
Modified
2024-11-21 00:07
Severity ?
Summary
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status."
},
{
"lang": "es",
"value": "Fuga de memoria en Microsoft Internet Explorer 6 para Windows XP Service Pack 2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de JavaScript que utiliza setInterval para llamar a una funci\u00f3n repetidamente para establecer el valor de window.status."
}
],
"id": "CVE-2006-0753",
"lastModified": "2024-11-21T00:07:15.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-02-18T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23307"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:frontpage:97:*:*:*:*:*:*:*",
"matchCriteriaId": "74459B0D-BF34-4F46-BE89-7D720EA520EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:frontpage:98:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F2F998-5866-4DA7-88CF-7987E971947E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:3.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "731F2F05-A1BB-4BE8-B761-EE04ED6ABBE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
],
"id": "CVE-2004-2179",
"lastModified": "2024-11-20T23:52:41.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11412"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.0.1 | |
| microsoft | ie | 5.01 | |
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."
}
],
"id": "CVE-2006-1186",
"lastModified": "2024-11-21T00:08:15.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T23:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/17453"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-07 11:28
Modified
2024-11-21 00:26
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*",
"matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0 SP1 en Windows 2000, y 6.0 SP2 en Windows XP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda de aplicaci\u00f3n) mediante un documento HTML conteniendo c\u00f3digo JavaScript concreto para un bucle, con cuerpo de bucle vac\u00edo, posiblemente involucrando la funci\u00f3n getElementById."
}
],
"id": "CVE-2007-0811",
"lastModified": "2024-11-21T00:26:48.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-07T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37636"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22408"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.powerhacker.net/exploit/IE_NULL_CRASH.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2024-11-21 00:34
Severity ?
Summary
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.x | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.2.3 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0.5730.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Una vulnerabilidad de uso de memoria previamente liberada en la funci\u00f3n CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el llamado m\u00e9todo setExpression y, a continuaci\u00f3n, modificando la propiedad outerHTML de un elemento HTML, una variante de \"Uninitialized Memory Corruption Vulnerability\u201d."
}
],
"id": "CVE-2007-3902",
"lastModified": "2024-11-21T00:34:20.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26506"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2024-11-21 00:14
Severity ?
Summary
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."
},
{
"lang": "es",
"value": "Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s deun argumento 0x7fffffff en el m\u00e9todo setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dar\u00e1 lugar a una copia de memoria no v\u00e1lida."
}
],
"id": "CVE-2006-3730",
"lastModified": "2024-11-21T00:14:17.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-21T14:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"
},
{
"source": "cve@mitre.org",
"url": "http://isc.sans.org/diary.php?storyid=1742"
},
{
"source": "cve@mitre.org",
"url": "http://riosec.com/msie-setslice-vuln"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22159"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016941"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/753044"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27110"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19030"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2882"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.php?storyid=1742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://riosec.com/msie-setslice-vuln"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/753044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2440"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-01 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 8.0.7600.16385 | |
| microsoft | internet_explorer | 6.0.2900.2180 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs."
},
{
"lang": "es",
"value": "Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de c\u00f3digo JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news://"
}
],
"id": "CVE-2010-2118",
"lastModified": "2024-11-21T01:15:56.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-01T20:30:02.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/4238/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/4238/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.1 | |
| microsoft | ie | 5.2.3 | |
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2900.2180 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "EB51F2D6-3CCA-4695-8A92-39999749B3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem."
}
],
"id": "CVE-2005-2087",
"lastModified": "2024-11-20T23:58:46.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15891"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014329"
},
{
"source": "cve@mitre.org",
"url": "http://www.auscert.org.au/render.html?it=5225"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "cve@mitre.org",
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/17680"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/404055"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14087"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0935"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112006764714946\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.auscert.org.au/render.html?it=5225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/17680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/404055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-193A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A793"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-21 18:02
Modified
2024-11-20 23:58
Severity ?
Summary
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | r2 | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when \"Enable Folder View for FTP Sites\" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames."
}
],
"id": "CVE-2005-2126",
"lastModified": "2024-11-20T23:58:51.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-10-21T18:02:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17163"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/17172"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/17223"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1015036"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/415828"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/415828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1416"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-12 00:46
Modified
2024-11-21 00:37
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 5.x | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.2.3 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0 | |
| microsoft | internet_explorer | 7.0.5730.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DCFCBD-8EDF-47B5-823F-5E05CD22AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of \"Uninitialized Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un sitio web dise\u00f1ado usando Javascript que crea, modifica, elimina y accede a objetos de documento utilizando la propiedad tags, que desencadena una corrupci\u00f3n de pila, relacionada con objetos no inicializados o eliminados, un problema diferente de CVE-2007-3902 y CVE-2007-3903, y una variante de \"Uninitialized Memory Corruption Vulnerability\"."
}
],
"id": "CVE-2007-5344",
"lastModified": "2024-11-21T00:37:41.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26817"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484890/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2024-11-21 00:16
Severity ?
Summary
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | 2000_server | |
| microsoft | windows_2003_server | 2000_server | |
| microsoft | windows_2003_server | 2000_server | |
| microsoft | windows_2003_server | 2000_server | |
| microsoft | windows_2003_server | 2000_server | |
| microsoft | windows_2003_server | advanced_server | |
| microsoft | windows_2003_server | advanced_server | |
| microsoft | windows_2003_server | advanced_server | |
| microsoft | windows_2003_server | advanced_server | |
| microsoft | windows_2003_server | advanced_server | |
| microsoft | windows_2003_server | datacenter_server | |
| microsoft | windows_2003_server | datacenter_server | |
| microsoft | windows_2003_server | datacenter_server | |
| microsoft | windows_2003_server | datacenter_server | |
| microsoft | windows_2003_server | datacenter_server | |
| microsoft | windows_2003_server | professional | |
| microsoft | windows_2003_server | professional | |
| microsoft | windows_2003_server | professional | |
| microsoft | windows_2003_server | professional | |
| microsoft | windows_2003_server | professional |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:*:*:*:*:*:*:*",
"matchCriteriaId": "553C7040-9ECE-49E6-BDCC-0332245A7A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FA294E0D-311B-40E8-8466-63FBDD8FCB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EB69D534-6038-4547-B7E2-5FA840C59854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0A35703F-52A0-4D81-8807-4DDA0525A221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp4:*:*:*:*:*:*",
"matchCriteriaId": "5A9437E8-5174-443D-8B63-ECDBFC5210F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2E683F-73A6-4A6E-8397-33723DD7D2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69D0C8BE-7D47-4D00-97E0-B6DC592869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DDE05474-2770-41D5-837D-F3C82339117C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C47A03EA-E084-4B88-8773-D1983A1D7461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F1D1B206-AF93-4FF2-BF5A-E4200461F3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C0007B-BA9C-4F09-87EF-6FF1467EB0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp1:*:*:*:*:*:*",
"matchCriteriaId": "674BF239-9A20-4DE0-AE16-35AFA53F02A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp2:*:*:*:*:*:*",
"matchCriteriaId": "85F8C7B3-E5F8-4A48-A5E7-D8E9326B6D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D340FE0B-4A20-4DF6-B4D2-C2E61EC2802E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp4:*:*:*:*:*:*",
"matchCriteriaId": "29DAB69E-096D-44BB-9B21-DD95CE9DFB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:*:*:*:*:*:*:*",
"matchCriteriaId": "810F8F74-4E89-409D-9D40-318B3590EC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp1:*:*:*:*:*:*",
"matchCriteriaId": "842FBB47-E16D-452E-A3C7-FEAD9977F017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B94E5DAA-0970-460D-94A9-5C407E34C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F8F07665-1C59-438C-AFF8-58C76681CB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:professional:sp4:*:*:*:*:*:*",
"matchCriteriaId": "E14908DD-3C61-4F33-BCB4-6C2E57C87DA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, y (4) creator.dll."
}
],
"id": "CVE-2006-4495",
"lastModified": "2024-11-21T00:16:05.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-31T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1474"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19636"
},
{
"source": "cve@mitre.org",
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443896/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xsec.org/index.php?module=Releases\u0026act=view\u0026type=1\u0026id=16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28512"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-04 02:02
Modified
2024-11-21 00:06
Severity ?
Summary
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "4A33815E-5D85-4F0E-A4D1-DB31A64C8801",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to \"file://\" followed by a large number of \"-\" (dash of hyphen) characters."
}
],
"id": "CVE-2006-0544",
"lastModified": "2024-11-21T00:06:42.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-04T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/16463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.security-protocols.com/advisory/sp-x23-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/16463"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | entourage | 2001 | |
| microsoft | entourage | v._x | |
| microsoft | excel | 2001 | |
| microsoft | excel | x | |
| microsoft | ie | 5.1 | |
| microsoft | office | 2001 | |
| microsoft | office | 2001 | |
| microsoft | office | v.x | |
| microsoft | outlook_express | 5.0 | |
| microsoft | outlook_express | 5.0.1 | |
| microsoft | outlook_express | 5.0.2 | |
| microsoft | outlook_express | 5.0.3 | |
| microsoft | powerpoint | 98 | |
| microsoft | powerpoint | 2001 | |
| microsoft | powerpoint | v.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:entourage:2001:*:macos:*:*:*:*:*",
"matchCriteriaId": "CB669A95-12A3-4AD4-8949-F77117F22E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:entourage:v._x:*:macos:*:*:*:*:*",
"matchCriteriaId": "35885642-BB7D-4DEF-A340-387E57FBBDB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2001:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "8BC60CAC-F011-42FA-A3D1-1EA5A2410EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:x:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "DA71E158-6D0A-4BEF-8471-FE5C864E7073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "4CF91C2F-EE6D-4C9E-8F39-1F632399EC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2001:*:macos:*:*:*:*:*",
"matchCriteriaId": "1C8FF0C2-39E8-4F73-958B-2BB195C5B559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2001:sr1:mac_os:*:*:*:*:*",
"matchCriteriaId": "68257FB3-3280-4299-A96B-613F60D797C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*",
"matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0:*:macos:*:*:*:*:*",
"matchCriteriaId": "0C607D22-B01D-4404-9657-0D322CE59B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.1:*:macos:*:*:*:*:*",
"matchCriteriaId": "A47283EA-513A-4EDC-BADA-659AFA28EA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.2:*:macos:*:*:*:*:*",
"matchCriteriaId": "EBA048BD-04A9-4BB9-9F3C-60FB1BE1D2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.0.3:*:macos:*:*:*:*:*",
"matchCriteriaId": "FB6349F9-6C93-48A1-92F6-18BF1D286DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:98:*:macos:*:*:*:*:*",
"matchCriteriaId": "41CB2081-C1DB-4DB6-87AC-E6A8BCABDB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2001:*:macos:*:*:*:*:*",
"matchCriteriaId": "0602ABD8-0A65-47D5-9D04-6FD1A2F39B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:v.x:*:macos:*:*:*:*:*",
"matchCriteriaId": "DA57624A-D658-42D9-A197-1C8A7ED6ACF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario invocando la directiva file:// con un n\u00famero grande de caracteres /. Afecta a Internet Explorer 5.1, Outlook Express 5.0 a 5.0.2, Entourage v. X y 2001, PowerPoint v.X, 2001 y 98, y Excel V.X y 2001 para Macintosh."
}
],
"id": "CVE-2002-0152",
"lastModified": "2024-11-20T23:38:26.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-04-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8850.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5357"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4517"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101897994314015\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8850.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008."
},
{
"lang": "es",
"value": "La funci\u00f3n de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de cach\u00e9 mediante una respuesta HTTP con un ContentType inv\u00e1lido y un fichero .html, lo que podr\u00eda permitir a atacantes remotos saltarse mecanismos de seguridad que se basan en nombres aleatorios, como se demostr\u00f3 por threadid10008."
}
],
"id": "CVE-2003-1028",
"lastModified": "2024-11-20T23:46:11.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7890"
},
{
"source": "cve@mitre.org",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106979428718705\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106979624321665\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107038202225587\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the \"DHTML Method Heap Memory Corruption Vulnerability.\""
}
],
"id": "CVE-2005-0055",
"lastModified": "2024-11-20T23:54:18.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11165/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/secunia_research/2004-12/advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013125"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843771"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11165/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2004-12/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A710"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-07 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist."
}
],
"id": "CVE-2004-2090",
"lastModified": "2024-11-20T23:52:28.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10820"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9611"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command."
}
],
"id": "CVE-2004-1166",
"lastModified": "2024-11-20T23:50:15.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13404"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29346"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012444"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/12299"
},
{
"source": "cve@mitre.org",
"url": "http://www.rapid7.com/advisories/R7-0032.jsp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11826"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0870"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110253463305359\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/12299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rapid7.com/advisories/R7-0032.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489500/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un caracter \"/\" (barra inclinada) en la propiedad Type de un tag Object en una p\u00e1gina web."
}
],
"id": "CVE-2003-0344",
"lastModified": "2024-11-20T23:44:31.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-06-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/8943"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/679556"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/8943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030604.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/679556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2024-11-20 23:43
Severity ?
Summary
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0.6000.16711:*:*:*:*:*:*:*",
"matchCriteriaId": "77497F7F-1853-448A-8448-8FB6FA43169B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*",
"matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*",
"matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*",
"matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*",
"matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*",
"matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*",
"matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas a trav\u00e9s de un documento HTML manipulado. Relacionado con CVE-2010-2264."
}
],
"id": "CVE-2002-2435",
"lastModified": "2024-11-20T23:43:40.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-12-07T19:55:00.987",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=147777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71817"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver\u0027s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability."
}
],
"id": "CVE-2002-1824",
"lastModified": "2024-11-20T23:42:12.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/292842"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/292842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10180.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5778"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-16 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the \"File Download - Security Warning\" dialog and save arbitrary files with arbitrary extensions via the SaveAs command."
}
],
"id": "CVE-2004-1331",
"lastModified": "2024-11-20T23:50:37.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-16T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13203/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3220"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743974"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11686"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13203/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18181"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-14 21:07
Modified
2024-11-21 00:20
Severity ?
Summary
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en controles ActiveX DirectAnimation para Microsoft Internet Explorer 5.01 hasta 6 tiene impacto y vectores desconocidos, posiblemente relacionados con (1) Danim.dll y (2) Lmrt.dll, un conjunto diferente de vulnerabilidades que CVE-2006-4446 y CVE-2006-4777."
}
],
"id": "CVE-2006-5884",
"lastModified": "2024-11-21T00:20:57.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-14T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/31324"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) estableciendo la propiedad location o URL del objeto ActiveX MHTMLFile."
}
],
"id": "CVE-2006-3659",
"lastModified": "2024-11-21T00:14:07.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-18T15:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27108"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19013"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2831"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-11-29 05:00
Modified
2024-11-20 23:29
Severity ?
Summary
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
"matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
"matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
"matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled."
}
],
"id": "CVE-1999-0839",
"lastModified": "2024-11-20T23:29:39.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-11-29T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/828"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty \"href\" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6.0 SP2 permite a atacantes remotos suplantar una URL leg\u00edtima en la barra de estado y realizar un ataque de \u0027phishing\u0027 mediante una p\u00e1gina web que contenga un elemento BASE que apunta al sitio leg\u00edtimo seguido de un elemento ancla (A) con un elemento \"href\" vac\u00edo y un elemento FORM que apunta a un sitio web malicioso, y un elemento \u0027INPUT\u0027 modificado para que se parezca a la URL leg\u00edtima."
}
],
"id": "CVE-2004-1104",
"lastModified": "2024-11-20T23:50:06.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11273"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/702086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/379903"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11565"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/702086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/379903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425386/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425883/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17938"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:43
Severity ?
Summary
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 5.5 y 6.0 no verifica adecuadamente par\u00e1metros que son pasados mientras dibujan componentes de terceros, lo que podr\u00eda permitir a atacantes remotos ejecutar script web arbitrario, tambi\u00e9n conocida como vulnerabilidad de \"Dibujo de plugin de terceros\", una vulnerabilidad distinta de CAN-2003-0233."
}
],
"id": "CVE-2003-0115",
"lastModified": "2024-11-20T23:43:59.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11848.php"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11848.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-06-14 04:00
Modified
2024-11-20 23:46
Severity ?
Summary
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475."
},
{
"lang": "es",
"value": "Internet Explorer 5.x y 6.0 permite a atacantes remotos ejecutar programas arbitrarios mediante una URL conteniendo secuencias \"..\" (punto punto) en un nombre de fichero terminado en \"::\" que es tratado como un fichero CHM aunque no tenga extensi\u00f3n .chm."
}
],
"id": "CVE-2003-1041",
"lastModified": "2024-11-20T23:46:12.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-06-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/187196"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348521"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9320"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/187196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2024-11-21 00:11
Severity ?
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4 y 6 SP1 y anteriores permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una p\u00e1gina web manipulada que dispara una corrupci\u00f3n de memoria cuando se guarda como un archivo multipart HTML (.mht)"
}
],
"id": "CVE-2006-2385",
"lastModified": "2024-11-21T00:11:11.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-13T19:06:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20595"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/26446"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/18320"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1916"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2024-11-21 01:22
Severity ?
Summary
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0.6000.16711:*:*:*:*:*:*:*",
"matchCriteriaId": "77497F7F-1853-448A-8448-8FB6FA43169B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5A9719-9C14-4843-A6A9-CF4AF804B37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:8.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "587DAAD1-F33D-41EB-B752-36B9D87FC19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB024757-60F3-44F9-BCFF-04B2F109D7A2",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0AF9C64F-9A67-4BA9-A653-75507935E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D82B89-456D-41CB-A894-B6A22FB4415D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2E21CE6E-2B33-4225-B1DC-C19F1D578040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*",
"matchCriteriaId": "0A652453-AB5F-405C-ABDE-CE1B54FEACED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*",
"matchCriteriaId": "141080AB-48DE-4885-BAB6-6F0937ABD49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D76-B7F6-4E87-B88D-620443655CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "28655AC5-1512-4F45-9963-CA26F73981CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F4F36-B88A-4FDB-BE52-83C6EF60BDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC05584-F553-4D29-9C46-C9EE5F0CB166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*",
"matchCriteriaId": "B108A86E-8387-446C-B823-BE6FCAE747A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F79B8-512A-4B88-868C-7C4ADFD223C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3A86-C9F8-4A19-9DDC-1065B54E640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9030923C-356E-4FAB-8E64-03D462B4DB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FFABC-8BED-4838-85FE-406DC9CF9B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DB4A00-4F70-4189-81BD-9318C52DF2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFE8C8E-F46C-4179-AE83-CE4720C8E0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*",
"matchCriteriaId": "61125B09-23AA-4D5A-8332-6B5CCD80C7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*",
"matchCriteriaId": "3AECF59F-B3C0-44CC-B77A-30E32B3E8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690B85-86B9-448E-9249-B3885DEDC60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*",
"matchCriteriaId": "4E215C82-E4AD-4B87-92D8-DD4D486EB6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F4C80-3B1B-45BD-966F-C9DBF98B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*",
"matchCriteriaId": "F65E0DC1-40F6-4252-945A-A972343D1E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07C1A9-1A94-4653-8C57-6FCFC25854E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC57519-AD96-4ECF-A5B2-4E45F7D55298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "37DE3DE6-A355-41F2-BF5E-E7526449E753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB24B4F-44FF-4F0F-90FA-240A34B9599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*",
"matchCriteriaId": "919A6551-DB18-49BD-AB92-4C453B3B728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*",
"matchCriteriaId": "C512DAB3-2720-42D2-B27E-28F30FE0FE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90458F-1F2B-4F4C-88C6-4B670787D126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2EFDB4-97C2-4DDF-8A65-FCFB60FCB540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "4A99CDC7-9341-4DFB-BB18-FF06C05FF9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E5E4B-9E95-4019-8622-6E707FEC2FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*",
"matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA6BA38-8B3B-4B9A-95BF-BCD412DD83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD2A05-3FCE-4C5D-8228-968630F27E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100:*:*:*:*:*:*:*",
"matchCriteriaId": "4430779C-C678-4950-AE9E-82CDFC1A08D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0EC334-AEAD-43CA-A609-C027060F4F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF320BE-F022-4E0E-9815-B8AEED87B384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:*:*:*:*:*:*:*",
"matchCriteriaId": "75532B2D-6814-4D20-8AEB-E7DFD66B6423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:*:*:*:*:*:*:*",
"matchCriteriaId": "83802E30-8E7D-4CAB-B8FC-10056CF833D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "314538E8-48EC-4869-9074-2A1F5B7CBB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:*:*:*:*:*:*:*",
"matchCriteriaId": "F56B3A72-7C5E-4F0C-BBC7-AA13DDFBEE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "6876CE89-AA70-44C5-8A69-E2ED7A63F570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE2555F-C4BE-482F-8DD9-976D2026058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "61F352FE-C22E-4B33-A46F-77A164B5DABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACD5A44-0926-4A1B-9900-1E7CC0A561C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "196CEE37-2E3A-41A7-9AC1-0D5CC3F35D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "3E16BEF4-71AA-4E23-B438-D25FFABDB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:*:*:*:*:*:*:*",
"matchCriteriaId": "1F32702E-F955-4DDB-B235-7C47E882453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA2B4AD-C04D-4A6B-8570-5A2F5489F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "506711D9-6E57-4EED-8628-36C7F2324040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:unknown:gold:*:*:*:*:*",
"matchCriteriaId": "817636ED-5E42-460E-89F1-24D5C64AB8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6E1020-1017-4670-9316-27C79F1E2698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:*:*:*:*:*:*:*",
"matchCriteriaId": "37F63AE1-8FC9-4C0F-8D19-F17DFA214E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1186A-FA5B-4E49-8C2F-BCD2D45F22A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:*:*:*:*:*:*:*",
"matchCriteriaId": "53D75496-8594-44DB-B5C4-EA3CABD6551A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*",
"matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*",
"matchCriteriaId": "612B8367-DAEF-4EE3-BC57-16A5CF4D3030",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."
},
{
"lang": "es",
"value": "La ejecuci\u00f3n de JavaScript en Microsoft Internet Explorer v8.0 y anteriores, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el m\u00e9todo getComputedStyle, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas por llamar a este m\u00e9todo."
}
],
"id": "CVE-2010-5071",
"lastModified": "2024-11-21T01:22:26.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-07T19:55:01.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka \"COM Object Instantiation Memory Corruption Vulnerability,\" a different vulnerability than CVE-2005-2087."
}
],
"id": "CVE-2005-1990",
"lastModified": "2024-11-20T23:58:33.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-08-10T04:00:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1014643"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/14511"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16373/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1337"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | internet_explorer | 6.0.2600 | |
| microsoft | internet_explorer | 6.0.2800 | |
| microsoft | internet_explorer | 6.0.2800.1106 | |
| microsoft | internet_explorer | 6.0.2900.2180 | |
| canon | network_camera_server_vb101 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*",
"matchCriteriaId": "12D23F59-5C49-4DE0-85E8-15287140660D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "CD115D64-87D8-4868-B247-16B83591B7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "11A09F26-5FE3-4879-9FCB-769F8FB3D067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "8D4BD1B0-8A91-4ED2-9C0D-BF87D18A01C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"matchCriteriaId": "9B0F6E35-652C-4948-9FF4-DBF199B4FA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*",
"matchCriteriaId": "DACE76B0-02BC-4624-A21E-405A893D7437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*",
"matchCriteriaId": "09A21D9F-6F51-4761-B7DB-E79CE60A0E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*",
"matchCriteriaId": "BA04D0A1-23AE-4C0F-8FE3-FD88D75CDA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*",
"matchCriteriaId": "B0BFE49F-932B-469C-9B3C-5011D093E1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"matchCriteriaId": "A53E9D33-ECCD-428B-A117-3EB04B9554C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"matchCriteriaId": "68656E52-AD8A-474E-9160-CD5F8857254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"matchCriteriaId": "93F47C82-E767-47A8-88DE-417B004ED7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF9B51-5AF4-4317-9768-21D866AC7990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks."
}
],
"id": "CVE-2005-4827",
"lastModified": "2024-11-21T00:05:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/411585"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/fulldisclosure/2007/Feb/0081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/411585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14969"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:43
Severity ?
Summary
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files."
},
{
"lang": "es",
"value": "El control de carga (upload) de ficheros en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos cargar ficheros autom\u00e1ticamente del sistema de ficheros local mediante una p\u00e1gina web conteniendo un script para cargar los ficheros."
}
],
"id": "CVE-2003-0114",
"lastModified": "2024-11-20T23:43:59.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104429340817718\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | ip600_media_servers | * | |
| avaya | ip600_media_servers | r6 | |
| avaya | ip600_media_servers | r7 | |
| avaya | ip600_media_servers | r8 | |
| avaya | ip600_media_servers | r9 | |
| avaya | ip600_media_servers | r10 | |
| avaya | ip600_media_servers | r11 | |
| avaya | ip600_media_servers | r12 | |
| microsoft | ie | 6.0 | |
| microsoft | internet_explorer | 6.0 | |
| avaya | definity_one_media_server | * | |
| avaya | definity_one_media_server | r6 | |
| avaya | definity_one_media_server | r7 | |
| avaya | definity_one_media_server | r8 | |
| avaya | definity_one_media_server | r9 | |
| avaya | definity_one_media_server | r10 | |
| avaya | definity_one_media_server | r11 | |
| avaya | definity_one_media_server | r12 | |
| avaya | s3400 | * | |
| avaya | s8100 | * | |
| avaya | s8100 | r6 | |
| avaya | s8100 | r7 | |
| avaya | s8100 | r8 | |
| avaya | s8100 | r9 | |
| avaya | s8100 | r10 | |
| avaya | s8100 | r11 | |
| avaya | s8100 | r12 | |
| avaya | modular_messaging_message_storage_server | s3400 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r6:*:*:*:*:*:*:*",
"matchCriteriaId": "421DCFC1-D1DF-4081-96C1-A1FA69632B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB4E5D4-712A-4F8B-9571-23C5841FE653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B61857E-9B4A-480B-8381-4C1213063D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AF988E-D84B-4F47-BBF6-E08C6615E838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r10:*:*:*:*:*:*:*",
"matchCriteriaId": "74D156F2-E2BD-4E72-9776-21BCC3B3EC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC8CC2A7-E209-45FC-B4F7-83FAD79E2452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:r12:*:*:*:*:*:*:*",
"matchCriteriaId": "18CBDA7C-1E0E-470C-A740-807C559FBA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB98D81-7F43-46BD-9713-C1036F123ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r7:*:*:*:*:*:*:*",
"matchCriteriaId": "F71B32E1-650F-48F6-B04A-F54B5CB12FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7A48D2-7CDB-40DE-95C0-EDF6CDDF7A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r9:*:*:*:*:*:*:*",
"matchCriteriaId": "F67BC930-C6D3-40FC-A44F-49A3A6E9B016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r10:*:*:*:*:*:*:*",
"matchCriteriaId": "6469B5B2-9939-4163-A6C9-CC50D3358401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB9EF69-E099-4908-AC09-EE2811E39F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:r12:*:*:*:*:*:*:*",
"matchCriteriaId": "D3129813-C6BA-48B1-944B-D34D7A0F0F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r6:*:*:*:*:*:*:*",
"matchCriteriaId": "F28E0D07-ED87-44D0-A771-FB5C9D5CA32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F01F490-DA2A-4C89-9C9A-1B2B1CFF8849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "F867CCDD-DDAC-4802-8AE3-9CEDB7F0FDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r9:*:*:*:*:*:*:*",
"matchCriteriaId": "FD501EF0-7531-47DD-A4A8-1F3790401A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC0D2D7-B6E2-40D3-8830-E0AF518253E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "436EF2B4-B365-4307-B345-24527D7B5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:r12:*:*:*:*:*:*:*",
"matchCriteriaId": "1562F7ED-5821-43AA-92CE-9BD7E67A47F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF29C7-E5AA-44EB-B1A9-602B3692D893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka \"the IFRAME vulnerability\" or the \"HTML Elements Vulnerability.\""
}
],
"id": "CVE-2004-1050",
"lastModified": "2024-11-20T23:49:58.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12959/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11515"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109942758911846\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12959/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/842160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/379261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-315A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-336A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2024-11-21 00:14
Severity ?
Summary
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ie | 6 | |
| microsoft | internet_explorer | 5.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01 SP4 y 6 no maneja adecuadamente diversas combinaciones de componentes en dise\u00f1os HTML, lo cual permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo HTML manipulado que lleva a una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Renderizado HTML\""
}
],
"id": "CVE-2006-3637",
"lastModified": "2024-11-21T00:14:05.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-08-08T23:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27853"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-17 10:19
Modified
2024-11-21 00:28
Severity ?
Summary
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_vista | * | |
| microsoft | ie | 7.0 | |
| microsoft | windows_xp | * | |
| microsoft | ie | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer versi\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \"Navigation Canceled\" e inyecta el script hacia el enlace \"Refresh the page\", tambi\u00e9n se conoce como \"Navigation Cancel Page Spoofing Vulnerability.\""
}
],
"id": "CVE-2007-1499",
"lastModified": "2024-11-21T00:28:27.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-17T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://news.com.com/2100-1002_3-6167410.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35352"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24535"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25627"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2448"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018235"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22966"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0946"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.com.com/2100-1002_3-6167410.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-08 23:04
Modified
2024-11-21 00:13
Severity ?
Summary
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FED6949F-54D0-4D36-B6A8-59EBFA2611E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando \"se utilizan m\u00faltiples importaciones en una colecci\u00f3n de hojas de estilo\" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2006-3451",
"lastModified": "2024-11-21T00:13:38.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-08T23:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "secure@microsoft.com",
"url": "http://securityreason.com/securityalert/1343"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/262004"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/27854"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19316"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/262004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-26 11:28
Modified
2024-11-21 00:27
Severity ?
Summary
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload."
}
],
"id": "CVE-2007-1091",
"lastModified": "2024-11-21T00:27:29.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-26T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lcamtuf.coredump.cx/ietrap"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/23014"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2291"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018788"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22680"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0713"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lcamtuf.coredump.cx/ietrap"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/23014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-08 23:19
Modified
2024-11-21 00:27
Severity ?
Summary
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_xp | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | ie | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the \"Uninitialized Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el m\u00e9todo CTableCol::OnPropertyChange de Microsoft Internet Explorer 5.01 SP4 en Windows 2000 SP4; 6 SP1 en Windows 2000 SP4; y 6 en Windows XP SP2, o Windows Server 2003 SP1 o SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n llamando a deleteCell en una fila de tabla con nombre, y despu\u00e9s accediendo a la columna, lo cual provoca que Internet Explorer acceda a objetos previamente borrados, tambi\u00e9n conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria No Inicializada\"."
}
],
"id": "CVE-2007-0944",
"lastModified": "2024-11-21T00:27:07.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-08T23:19:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/23769"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/34400"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/23771"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467989/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 23:28
Modified
2024-11-21 00:25
Severity ?
Summary
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_2000 | * | |
| microsoft | ie | 6.0 | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 6.0 | |
| microsoft | windows_2003_server | gold | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | internet_explorer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*",
"matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*",
"matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*",
"matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*",
"matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*",
"matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de (1) Msb1fren.dll, (2) Htmlmm.ocx, y (3) Blnmgrps.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, un vector diferente que CVE-2006-4697."
}
],
"id": "CVE-2007-0219",
"lastModified": "2024-11-21T00:25:16.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-13T23:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/771788"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31893"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31894"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/31895"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/22504"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1017643"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/771788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A257"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-12 20:28
Modified
2024-11-21 00:19
Severity ?
Summary
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*",
"matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF",
"versionEndIncluding": "6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5577."
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar mediante operaciones de \"arrastrar y soltar\", tambi\u00e9n conocido como \"TIF Folder Information Disclosure Vulnerability\" , es distinta a la CVE-2006-5577."
}
],
"id": "CVE-2006-5578",
"lastModified": "2024-11-21T00:19:47.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-12T20:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/23288"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017374"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/694344"
},
{
"source": "secure@microsoft.com",
"url": "http://www.osvdb.org/30815"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/21494"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/694344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A337"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200003-0033
Vulnerability from variot
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. We are sending this message to help ensure that administrators have not overlooked one or more of these vulnerabilities.
There have been several recent vulnerabilities affecting OpenSSH. It is unclear if these issues are exploitable, but they are resolved in version 3.7.1. These four additional flaws are believed to be relatively minor, and are scheduled to be included in the next version of OpenSSH. Exploitation of this vulnerability may lead to a remote attacker gaining privileged access to the server, in some cases root access.
VU#209807 - Portable OpenSSH server PAM conversion stack corruption http://www.kb.cert.org/vuls/id/209807
There is a vulnerability in portable versions of OpenSSH 3.7p1 and 3.7.1p1 that may permit an attacker to corrupt the PAM conversion stack.
Please check the vulnerability notes for resolutions and additional details.
Thank you. -----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2003-04
November 24, 2003
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in September 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange. We have received reports of W32/Swen.A, W32/Mimail variants, and exploitation of an Internet Explorer vulnerability reported in August of 2003.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. W32/Mimail Variants
The CERT/CC has received reports of several new variants of the
'Mimail' worm. The most recent variant of the worm (W32/Mimail.J)
arrives as an email message alleging to be from the Paypal
financial service. The message requests that the recipient
'verify' their account information to prevent the suspension of
their Paypal account. Attached to the email is an executable file
which captures this information (if entered), and sends it to a
number of email addresses.
Current Activity - November 19, 2003
http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili
2.
CERT Advisory CA-2003-28
Buffer Overflow in Windows Workstation Service
http://www.cert.org/advisories/CA-2003-28.html
Vulnerability Note VU#567620
Microsoft Windows Workstation service vulnerable to
buffer overflow when sent specially crafted network
message
http://www.kb.cert.org/vuls/id/567620
3.
CERT Advisory CA-2003-27
Multiple Vulnerabilities in Microsoft Windows and
Exchange
http://www.cert.org/advisories/CA-2003-27.html
Vulnerability Note VU#575892
Buffer overflow in Microsoft Windows Messenger Service
http://www.kb.cert.org/vuls/id/575892
Vulnerability Note VU#422156
Microsoft Exchange Server fails to properly handle
specially crafted SMTP extended verb requests
http://www.kb.cert.org/vuls/id/422156
Vulnerability Note VU#467036
Microsoft Windows Help and support Center contains buffer
overflow in code used to handle HCP protocol
http://www.kb.cert.org/vuls/id/467036
Vulnerability Note VU#989932
Microsoft Windows contains buffer overflow in Local
Troubleshooter ActiveX control (Tshoot.ocx)
http://www.kb.cert.org/vuls/id/989932
Vulnerability Note VU#838572
Microsoft Windows Authenticode mechanism installs ActiveX
controls without prompting user
http://www.kb.cert.org/vuls/id/838572
Vulnerability Note VU#435444
Microsoft Outlook Web Access (OWA) contains cross-site
scripting vulnerability in the "Compose New Message" form
http://www.kb.cert.org/vuls/id/435444
Vulnerability Note VU#967668
Microsoft Windows ListBox and ComboBox controls vulnerable
to buffer overflow when supplied crafted Windows message
http://www.kb.cert.org/vuls/id/967668
4. Multiple Vulnerabilities in SSL/TLS Implementations
Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols allowing an attacker
to execute arbitrary code or cause a denial-of-service condition.
CERT Advisory CA-2003-26
Multiple Vulnerabilities in SSL/TLS Implementations
http://www.cert.org/advisories/CA-2003-26.html
Vulnerability Note VU#935264
OpenSSL ASN.1 parser insecure memory deallocation
http://www.kb.cert.org/vuls/id/935264
Vulnerability Note VU#255484
OpenSSL contains integer overflow handling ASN.1 tags (1)
http://www.kb.cert.org/vuls/id/255484
Vulnerability Note VU#380864
OpenSSL contains integer overflow handling ASN.1 tags (2)
http://www.kb.cert.org/vuls/id/380864
Vulnerability Note VU#686224
OpenSSL does not securely handle invalid public key when
configured to ignore errors
http://www.kb.cert.org/vuls/id/686224
Vulnerability Note VU#732952
OpenSSL accepts unsolicited client certificate messages
http://www.kb.cert.org/vuls/id/732952
Vulnerability Note VU#104280
Multiple vulnerabilities in SSL/TLS implementations
http://www.kb.cert.org/vuls/id/104280
Vulnerability Note VU#412478
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
http://www.kb.cert.org/vuls/id/412478
5. Exploitation of Internet Explorer Vulnerability
The CERT/CC received a number of reports indicating that attackers
were actively exploiting the Microsoft Internet Explorer
vulnerability described in VU#865940. These attacks include the
installation of tools for launching distributed denial-of-service
(DDoS) attacks, providing generic proxy services, reading
sensitive information from the Windows registry, and using a
victim system's modem to dial pay-per-minute services. The
vulnerability described in VU#865940 exists due to an interaction
between IE's MIME type processing and the way it handles HTML
application (HTA) files embedded in OBJECT tags.
CERT Advisory IN-2003-04
Exploitation of Internet Explorer Vulnerability
http://www.cert.org/incident_notes/IN-2003-04.html
Vulnerability Note VU#865940
Microsoft Internet Explorer does not properly evaluate
"application/hta" MIME type referenced by DATA attribute
of OBJECT element
http://www.kb.cert.org/vuls/id/865940
6. W32/Swen.A Worm
On September 19, the CERT/CC began receiving a large volume of
reports of a mass mailing worm, referred to as W32/Swen.A,
spreading on the Internet. Similar to W32/Gibe.B in function, this
worm arrives as an attachment claiming to be a Microsoft Internet
Explorer Update or a delivery failure notice from qmail. The
W32/Swen.A worm requires a user to execute the attachment either
manually or by using an email client that will open the attachment
automatically. Upon opening the attachment, the worm attempts to
mail itself to all email addresses it finds on the system. The
CERT/CC updated the current activity page to contain further
information on this worm.
Current Activity - September 19, 2003
http://www.cert.org/current/archive/2003/09/19/archive.html#swena
7. Buffer Overflow in Sendmail
Sendmail, a widely deployed mail transfer agent (MTA), contains a
vulnerability that could allow an attacker to execute arbitrary
code with the privileges of the sendmail daemon, typically root.
CERT Advisory CA-2003-25
Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-25.html
Vulnerability Note VU#784980
Sendmail prescan() buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/784980
8.
CERT Advisory CA-2003-23
RPCSS Vulnerabilities in Microsoft Windows
http://www.cert.org/advisories/CA-2003-23.html
Vulnerability Note VU#483492
Microsoft Windows RPCSS Service contains heap overflow in
DCOM activation routines
http://www.kb.cert.org/vuls/id/483492
Vulnerability Note VU#254236
Microsoft Windows RPCSS Service contains heap overflow in
DCOM request filename handling
http://www.kb.cert.org/vuls/id/254236
Vulnerability Note VU#326746
Microsoft Windows RPC service vulnerable to
denial of service
http://www.kb.cert.org/vuls/id/326746
New CERT Coordination Center (CERT/CC) PGP Key
On October 15, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information to the CERT/CC
https://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Vulnerability Notes http://www.kb.cert.org/vuls * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Congressional Testimony http://www.cert.org/congressional_testimony * Training Schedule http://www.cert.org/training/ * CSIRT Development http://www.cert.org/csirts/
This document is available from: http://www.cert.org/summaries/CS-2003-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright \xa92003 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78 7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT rb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU UENALuNdthA= =DD60 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200003-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyclades",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm eserver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tfs",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.01"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted to Bugtraq on March 1, 2000 by Georgi Guninski \u003cjoro@nat.bg\u003e.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
}
],
"trust": 0.6
},
"cve": "CVE-2000-0201",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0201",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#333628",
"trust": 0.8,
"value": "28.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#483492",
"trust": 0.8,
"value": "94.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#326746",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#254236",
"trust": 0.8,
"value": "94.50"
},
{
"author": "CNNVD",
"id": "CNNVD-200003-002",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft\u0027s Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. We are sending this message to help ensure that\nadministrators have not overlooked one or more of these vulnerabilities. \n\nThere have been several recent vulnerabilities affecting OpenSSH. It is unclear if these issues \n are exploitable, but they are resolved in version 3.7.1. These four additional \n flaws are believed to be relatively minor, and are scheduled to be\n included in the next version of OpenSSH. \n Exploitation of this vulnerability may lead to a remote attacker \n gaining privileged access to the server, in some cases root access. \n\nVU#209807 - Portable OpenSSH server PAM conversion stack corruption\nhttp://www.kb.cert.org/vuls/id/209807\n\n There is a vulnerability in portable versions of OpenSSH 3.7p1 and\n 3.7.1p1 that may permit an attacker to corrupt the PAM conversion\n stack. \n\nPlease check the vulnerability notes for resolutions and additional \ndetails. \n\nThank you. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2003-04\n\n November 24, 2003\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. The summary includes pointers to sources of\n information for dealing with the problems. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in September\n 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft\n Windows Workstation Service, RPCSS Service, and Exchange. \n We have received reports of W32/Swen.A, W32/Mimail variants, and\n exploitation of an Internet Explorer vulnerability reported in August\n of 2003. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. W32/Mimail Variants\n\n The CERT/CC has received reports of several new variants of the\n \u0027Mimail\u0027 worm. The most recent variant of the worm (W32/Mimail.J)\n arrives as an email message alleging to be from the Paypal\n financial service. The message requests that the recipient\n \u0027verify\u0027 their account information to prevent the suspension of\n their Paypal account. Attached to the email is an executable file\n which captures this information (if entered), and sends it to a\n number of email addresses. \n\n Current Activity - November 19, 2003\n http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili\n\n\n 2. \n\n CERT Advisory CA-2003-28\n\t\tBuffer Overflow in Windows Workstation Service\n http://www.cert.org/advisories/CA-2003-28.html\n\n Vulnerability Note VU#567620\n\t\tMicrosoft Windows Workstation service vulnerable to \n\t\tbuffer overflow when sent specially crafted network\n\t\tmessage\n http://www.kb.cert.org/vuls/id/567620\n\n\n 3. \n\n CERT Advisory CA-2003-27\n\t\tMultiple Vulnerabilities in Microsoft Windows and \n\t\tExchange\n http://www.cert.org/advisories/CA-2003-27.html\n\n Vulnerability Note VU#575892\n\t\tBuffer overflow in Microsoft Windows Messenger Service\n http://www.kb.cert.org/vuls/id/575892\n\n Vulnerability Note VU#422156\n\t\tMicrosoft Exchange Server fails to properly handle\n\t\tspecially crafted SMTP extended verb requests\n http://www.kb.cert.org/vuls/id/422156\n\n Vulnerability Note VU#467036\n\t\tMicrosoft Windows Help and support Center contains buffer\n\t\toverflow in code used to handle HCP protocol\n http://www.kb.cert.org/vuls/id/467036\n\n Vulnerability Note VU#989932\n\t\tMicrosoft Windows contains buffer overflow in Local \n\t\tTroubleshooter ActiveX control (Tshoot.ocx)\n http://www.kb.cert.org/vuls/id/989932\n\n Vulnerability Note VU#838572\n\t\tMicrosoft Windows Authenticode mechanism installs ActiveX\n\t\tcontrols without prompting user\n http://www.kb.cert.org/vuls/id/838572\n\n Vulnerability Note VU#435444\n\t\tMicrosoft Outlook Web Access (OWA) contains cross-site\n\t\tscripting vulnerability in the \"Compose New Message\" form\n http://www.kb.cert.org/vuls/id/435444\n\n Vulnerability Note VU#967668\n\t\tMicrosoft Windows ListBox and ComboBox controls vulnerable\n\t\tto buffer overflow when supplied crafted Windows message\n http://www.kb.cert.org/vuls/id/967668\n\n\n 4. Multiple Vulnerabilities in SSL/TLS Implementations\n\n Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)\n and Transport Layer Security (TLS) protocols allowing an attacker\n to execute arbitrary code or cause a denial-of-service condition. \n\n CERT Advisory CA-2003-26\n\t\tMultiple Vulnerabilities in SSL/TLS Implementations\n http://www.cert.org/advisories/CA-2003-26.html\n\n Vulnerability Note VU#935264\n\t\tOpenSSL ASN.1 parser insecure memory deallocation\n http://www.kb.cert.org/vuls/id/935264\n\n Vulnerability Note VU#255484\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (1)\n http://www.kb.cert.org/vuls/id/255484\n\n Vulnerability Note VU#380864\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (2)\n http://www.kb.cert.org/vuls/id/380864\n\n Vulnerability Note VU#686224\n\t\tOpenSSL does not securely handle invalid public key when\n\t\tconfigured to ignore errors\n http://www.kb.cert.org/vuls/id/686224\n\n Vulnerability Note VU#732952\n\t\tOpenSSL accepts unsolicited client certificate messages\n http://www.kb.cert.org/vuls/id/732952\n\n Vulnerability Note VU#104280\n\t\tMultiple vulnerabilities in SSL/TLS implementations\n http://www.kb.cert.org/vuls/id/104280\n\n Vulnerability Note VU#412478\n\t\tOpenSSL 0.9.6k does not properly handle ASN.1 sequences\n http://www.kb.cert.org/vuls/id/412478\n\n\n 5. Exploitation of Internet Explorer Vulnerability\n\n The CERT/CC received a number of reports indicating that attackers\n were actively exploiting the Microsoft Internet Explorer\n vulnerability described in VU#865940. These attacks include the\n installation of tools for launching distributed denial-of-service\n (DDoS) attacks, providing generic proxy services, reading\n sensitive information from the Windows registry, and using a\n victim system\u0027s modem to dial pay-per-minute services. The\n vulnerability described in VU#865940 exists due to an interaction\n between IE\u0027s MIME type processing and the way it handles HTML\n application (HTA) files embedded in OBJECT tags. \n\n CERT Advisory IN-2003-04\n\t\tExploitation of Internet Explorer Vulnerability\n http://www.cert.org/incident_notes/IN-2003-04.html\n\n Vulnerability Note VU#865940\n\t\tMicrosoft Internet Explorer does not properly evaluate\n\t\t\"application/hta\" MIME type referenced by DATA attribute\n\t\tof OBJECT element\n http://www.kb.cert.org/vuls/id/865940\n\n\n 6. W32/Swen.A Worm\n\n On September 19, the CERT/CC began receiving a large volume of\n reports of a mass mailing worm, referred to as W32/Swen.A,\n spreading on the Internet. Similar to W32/Gibe.B in function, this\n worm arrives as an attachment claiming to be a Microsoft Internet\n Explorer Update or a delivery failure notice from qmail. The\n W32/Swen.A worm requires a user to execute the attachment either\n manually or by using an email client that will open the attachment\n automatically. Upon opening the attachment, the worm attempts to\n mail itself to all email addresses it finds on the system. The\n CERT/CC updated the current activity page to contain further\n information on this worm. \n\n Current Activity - September 19, 2003\n http://www.cert.org/current/archive/2003/09/19/archive.html#swena\n\n\n 7. Buffer Overflow in Sendmail\n\n Sendmail, a widely deployed mail transfer agent (MTA), contains a\n vulnerability that could allow an attacker to execute arbitrary\n code with the privileges of the sendmail daemon, typically root. \n\n CERT Advisory CA-2003-25\n\t\tBuffer Overflow in Sendmail\n http://www.cert.org/advisories/CA-2003-25.html\n\n Vulnerability Note VU#784980\n\t\tSendmail prescan() buffer overflow vulnerability\n http://www.kb.cert.org/vuls/id/784980\n\n\n 8. \n\n CERT Advisory CA-2003-23\n\t\tRPCSS Vulnerabilities in Microsoft Windows\n http://www.cert.org/advisories/CA-2003-23.html\n\n Vulnerability Note VU#483492\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM activation routines\n http://www.kb.cert.org/vuls/id/483492\n\n Vulnerability Note VU#254236\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM request filename handling\n http://www.kb.cert.org/vuls/id/254236\n\n Vulnerability Note VU#326746\n\t\tMicrosoft Windows RPC service vulnerable to \n\t\tdenial of service\n http://www.kb.cert.org/vuls/id/326746\n ______________________________________________________________________\n\nNew CERT Coordination Center (CERT/CC) PGP Key\n\n On October 15, the CERT/CC issued a new PGP key, which should be used\n when sending sensitive information to the CERT/CC. \n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n\n Sending Sensitive Information to the CERT/CC\n https://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Vulnerability Notes\n http://www.kb.cert.org/vuls\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Congressional Testimony\n http://www.cert.org/congressional_testimony\n * Training Schedule\n http://www.cert.org/training/\n * CSIRT Development\n http://www.cert.org/csirts/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2003-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \\xa92003 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78\n7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT\nrb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU\nUENALuNdthA=\n=DD60\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0201"
},
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#326746",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#254236",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#483492",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2000-0201",
"trust": 1.6
},
{
"db": "BID",
"id": "1033",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#333628",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "10156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#602204",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#209807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "31735",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#784980",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#575892",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#865940",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#467036",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#838572",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#422156",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#412478",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#567620",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#989932",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#967668",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#435444",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32268",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"id": "VAR-200003-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-07-22T21:37:32.184000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-039.asp"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/326746"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/?kbid=825750"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/?kbid=827363"
},
{
"trust": 1.6,
"url": "http://www.cert.org/advisories/ca-2003-19.html"
},
{
"trust": 1.6,
"url": "http://cgi.nessus.org/plugins/dump.php3?id=11835"
},
{
"trust": 1.6,
"url": "http://www.iss.net/support/product_utilities/xfrpcss.php"
},
{
"trust": 1.6,
"url": "http://www.ntbugtraq.com/dcomrpc.asp"
},
{
"trust": 1.6,
"url": "http://securecomputing.stanford.edu/alerts/win-rpc-10sept2003.html"
},
{
"trust": 1.6,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=393\u0026idxseccion=10"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/1033"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/254236"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/483492"
},
{
"trust": 0.8,
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"trust": 0.8,
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2003-september/000062.html"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/10156/"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20030910.html"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/tools/rpcdcom.html"
},
{
"trust": 0.8,
"url": "http://www.xfocus.org/advisories/200307/4.html"
},
{
"trust": 0.8,
"url": "http://www.nsfocus.com/english/homepage/research/0306.htm"
},
{
"trust": 0.2,
"url": "http://www.cert.org/"
},
{
"trust": 0.2,
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"trust": 0.2,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/jarl-5rfqqz."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/602204"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/412478"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/567620"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/575892"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/989932"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/09/19/archive.html#swena"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"trust": 0.1,
"url": "http://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/838572"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/967668"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-28.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-27.html"
},
{
"trust": 0.1,
"url": "https://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/incident_notes/in-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/435444"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-24.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-25.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-23.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/467036"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/422156"
},
{
"trust": 0.1,
"url": "http://www.cert.org/csirts/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-16T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#483492"
},
{
"date": "2003-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#254236"
},
{
"date": "2003-09-29T22:44:34",
"db": "PACKETSTORM",
"id": "31735"
},
{
"date": "2003-11-25T05:25:51",
"db": "PACKETSTORM",
"id": "32268"
},
{
"date": "2000-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"date": "2000-03-01T05:00:00",
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-12-11T00:00:00",
"db": "CERT/CC",
"id": "VU#483492"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-12-11T00:00:00",
"db": "CERT/CC",
"id": "VU#254236"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200003-002"
},
{
"date": "2021-07-23T12:18:31.047000",
"db": "NVD",
"id": "CVE-2000-0201"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH contains buffer management errors",
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200003-002"
}
],
"trust": 0.6
}
}
var-200607-0093
Vulnerability from variot
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Microsoft Internet Explorer is prone to a denial-of-service condition when processing the 'ADODB.Recordset Filter Property' COM object. A successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet Explorer is a very popular WEB browser released by Microsoft. When the properties of the ADODB.Recordset ActiveX object are assigned different values three times, the null pointer reference problem will be triggered. If the user is tricked into accessing a malicious WEB page containing malformed ActiveX reference code, it will cause IE to deny service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "18773"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "H D Moore hdm@metasploit.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"cve": "CVE-2006-3354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-19462",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-3354",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19462",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Microsoft Internet Explorer is prone to a denial-of-service condition when processing the \u0027ADODB.Recordset Filter Property\u0027 COM object. \nA successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet Explorer is a very popular WEB browser released by Microsoft. When the properties of the ADODB.Recordset ActiveX object are assigned different values \u200b\u200bthree times, the null pointer reference problem will be triggered. If the user is tricked into accessing a malicious WEB page containing malformed ActiveX reference code, it will cause IE to deny service",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "VULHUB",
"id": "VHN-19462"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19462",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "18773",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "26834",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-3354",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "28145",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19462",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"id": "VAR-200607-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:47:05.013000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18773"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/26834"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/ie/default.mspx"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-19462"
},
{
"date": "2006-07-03T00:00:00",
"db": "BID",
"id": "18773"
},
{
"date": "2006-07-06T01:05:00",
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"date": "2006-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-19462"
},
{
"date": "2006-07-04T20:54:00",
"db": "BID",
"id": "18773"
},
{
"date": "2021-07-23T15:04:41.580000",
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer ADODB.Recordset Null pointer reference denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
}
}
var-200107-0045
Vulnerability from variot
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Internet Explorer Is XML There is a problem with the style sheet processing, and even if the script is disabled in the security zone, the script will be executed. Outlook Express Including many MUA Then XML Document IE Since it is displayed using the component of, the script may be executed just by displaying the mail.Please refer to the “Overview” for the impact of this vulnerability. We are sending this message to help ensure that administrators have not overlooked one or more of these vulnerabilities.
There have been several recent vulnerabilities affecting OpenSSH. It is unclear if these issues are exploitable, but they are resolved in version 3.7.1. These four additional flaws are believed to be relatively minor, and are scheduled to be included in the next version of OpenSSH. Exploitation of this vulnerability may lead to a remote attacker gaining privileged access to the server, in some cases root access.
VU#209807 - Portable OpenSSH server PAM conversion stack corruption http://www.kb.cert.org/vuls/id/209807
There is a vulnerability in portable versions of OpenSSH 3.7p1 and 3.7.1p1 that may permit an attacker to corrupt the PAM conversion stack.
Please check the vulnerability notes for resolutions and additional details.
Thank you. -----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2003-04
November 24, 2003
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in September 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange. We have received reports of W32/Swen.A, W32/Mimail variants, and exploitation of an Internet Explorer vulnerability reported in August of 2003.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. W32/Mimail Variants
The CERT/CC has received reports of several new variants of the
'Mimail' worm. The most recent variant of the worm (W32/Mimail.J)
arrives as an email message alleging to be from the Paypal
financial service. The message requests that the recipient
'verify' their account information to prevent the suspension of
their Paypal account. Attached to the email is an executable file
which captures this information (if entered), and sends it to a
number of email addresses.
Current Activity - November 19, 2003
http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili
2.
CERT Advisory CA-2003-28
Buffer Overflow in Windows Workstation Service
http://www.cert.org/advisories/CA-2003-28.html
Vulnerability Note VU#567620
Microsoft Windows Workstation service vulnerable to
buffer overflow when sent specially crafted network
message
http://www.kb.cert.org/vuls/id/567620
3.
CERT Advisory CA-2003-27
Multiple Vulnerabilities in Microsoft Windows and
Exchange
http://www.cert.org/advisories/CA-2003-27.html
Vulnerability Note VU#575892
Buffer overflow in Microsoft Windows Messenger Service
http://www.kb.cert.org/vuls/id/575892
Vulnerability Note VU#422156
Microsoft Exchange Server fails to properly handle
specially crafted SMTP extended verb requests
http://www.kb.cert.org/vuls/id/422156
Vulnerability Note VU#467036
Microsoft Windows Help and support Center contains buffer
overflow in code used to handle HCP protocol
http://www.kb.cert.org/vuls/id/467036
Vulnerability Note VU#989932
Microsoft Windows contains buffer overflow in Local
Troubleshooter ActiveX control (Tshoot.ocx)
http://www.kb.cert.org/vuls/id/989932
Vulnerability Note VU#838572
Microsoft Windows Authenticode mechanism installs ActiveX
controls without prompting user
http://www.kb.cert.org/vuls/id/838572
Vulnerability Note VU#435444
Microsoft Outlook Web Access (OWA) contains cross-site
scripting vulnerability in the "Compose New Message" form
http://www.kb.cert.org/vuls/id/435444
Vulnerability Note VU#967668
Microsoft Windows ListBox and ComboBox controls vulnerable
to buffer overflow when supplied crafted Windows message
http://www.kb.cert.org/vuls/id/967668
4. Multiple Vulnerabilities in SSL/TLS Implementations
Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols allowing an attacker
to execute arbitrary code or cause a denial-of-service condition.
CERT Advisory CA-2003-26
Multiple Vulnerabilities in SSL/TLS Implementations
http://www.cert.org/advisories/CA-2003-26.html
Vulnerability Note VU#935264
OpenSSL ASN.1 parser insecure memory deallocation
http://www.kb.cert.org/vuls/id/935264
Vulnerability Note VU#255484
OpenSSL contains integer overflow handling ASN.1 tags (1)
http://www.kb.cert.org/vuls/id/255484
Vulnerability Note VU#380864
OpenSSL contains integer overflow handling ASN.1 tags (2)
http://www.kb.cert.org/vuls/id/380864
Vulnerability Note VU#686224
OpenSSL does not securely handle invalid public key when
configured to ignore errors
http://www.kb.cert.org/vuls/id/686224
Vulnerability Note VU#732952
OpenSSL accepts unsolicited client certificate messages
http://www.kb.cert.org/vuls/id/732952
Vulnerability Note VU#104280
Multiple vulnerabilities in SSL/TLS implementations
http://www.kb.cert.org/vuls/id/104280
Vulnerability Note VU#412478
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
http://www.kb.cert.org/vuls/id/412478
5. Exploitation of Internet Explorer Vulnerability
The CERT/CC received a number of reports indicating that attackers
were actively exploiting the Microsoft Internet Explorer
vulnerability described in VU#865940. These attacks include the
installation of tools for launching distributed denial-of-service
(DDoS) attacks, providing generic proxy services, reading
sensitive information from the Windows registry, and using a
victim system's modem to dial pay-per-minute services. The
vulnerability described in VU#865940 exists due to an interaction
between IE's MIME type processing and the way it handles HTML
application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm
On September 19, the CERT/CC began receiving a large volume of
reports of a mass mailing worm, referred to as W32/Swen.A,
spreading on the Internet. Similar to W32/Gibe.B in function, this
worm arrives as an attachment claiming to be a Microsoft Internet
Explorer Update or a delivery failure notice from qmail. The
W32/Swen.A worm requires a user to execute the attachment either
manually or by using an email client that will open the attachment
automatically. Upon opening the attachment, the worm attempts to
mail itself to all email addresses it finds on the system. The
CERT/CC updated the current activity page to contain further
information on this worm.
Current Activity - September 19, 2003
http://www.cert.org/current/archive/2003/09/19/archive.html#swena
7. Buffer Overflow in Sendmail
Sendmail, a widely deployed mail transfer agent (MTA), contains a
vulnerability that could allow an attacker to execute arbitrary
code with the privileges of the sendmail daemon, typically root.
CERT Advisory CA-2003-25
Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-25.html
Vulnerability Note VU#784980
Sendmail prescan() buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/784980
8.
CERT Advisory CA-2003-23
RPCSS Vulnerabilities in Microsoft Windows
http://www.cert.org/advisories/CA-2003-23.html
Vulnerability Note VU#483492
Microsoft Windows RPCSS Service contains heap overflow in
DCOM activation routines
http://www.kb.cert.org/vuls/id/483492
Vulnerability Note VU#254236
Microsoft Windows RPCSS Service contains heap overflow in
DCOM request filename handling
http://www.kb.cert.org/vuls/id/254236
Vulnerability Note VU#326746
Microsoft Windows RPC service vulnerable to
denial of service
http://www.kb.cert.org/vuls/id/326746
New CERT Coordination Center (CERT/CC) PGP Key
On October 15, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information to the CERT/CC
https://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Vulnerability Notes http://www.kb.cert.org/vuls * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Congressional Testimony http://www.cert.org/congressional_testimony * Training Schedule http://www.cert.org/training/ * CSIRT Development http://www.cert.org/csirts/
This document is available from: http://www.cert.org/summaries/CS-2003-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright \xa92003 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78 7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT rb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU UENALuNdthA= =DD60 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200107-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 3.2,
"vendor": "microsoft",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": "windows script host",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "windows script host",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "internet explorer",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyclades",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm eserver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tfs",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.01"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:windows_script_host:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:windows_script_host:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Georgi Guninski \u003cguninski@guninski.com\u003e on Nov 20, 2000 and posted in a Microsoft Security Bulletin (MS01-015).",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2001-0002",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0002",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#333628",
"trust": 0.8,
"value": "28.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#483492",
"trust": 0.8,
"value": "94.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#326746",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#254236",
"trust": 0.8,
"value": "94.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#334928",
"trust": 0.8,
"value": "7.09"
},
{
"author": "CNNVD",
"id": "CNNVD-200107-151",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft\u0027s Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Internet Explorer Is XML There is a problem with the style sheet processing, and even if the script is disabled in the security zone, the script will be executed. Outlook Express Including many MUA Then XML Document IE Since it is displayed using the component of, the script may be executed just by displaying the mail.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. We are sending this message to help ensure that\nadministrators have not overlooked one or more of these vulnerabilities. \n\nThere have been several recent vulnerabilities affecting OpenSSH. It is unclear if these issues \n are exploitable, but they are resolved in version 3.7.1. These four additional \n flaws are believed to be relatively minor, and are scheduled to be\n included in the next version of OpenSSH. \n Exploitation of this vulnerability may lead to a remote attacker \n gaining privileged access to the server, in some cases root access. \n\nVU#209807 - Portable OpenSSH server PAM conversion stack corruption\nhttp://www.kb.cert.org/vuls/id/209807\n\n There is a vulnerability in portable versions of OpenSSH 3.7p1 and\n 3.7.1p1 that may permit an attacker to corrupt the PAM conversion\n stack. \n\nPlease check the vulnerability notes for resolutions and additional \ndetails. \n\nThank you. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2003-04\n\n November 24, 2003\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in September\n 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft\n Windows Workstation Service, RPCSS Service, and Exchange. \n We have received reports of W32/Swen.A, W32/Mimail variants, and\n exploitation of an Internet Explorer vulnerability reported in August\n of 2003. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. W32/Mimail Variants\n\n The CERT/CC has received reports of several new variants of the\n \u0027Mimail\u0027 worm. The most recent variant of the worm (W32/Mimail.J)\n arrives as an email message alleging to be from the Paypal\n financial service. The message requests that the recipient\n \u0027verify\u0027 their account information to prevent the suspension of\n their Paypal account. Attached to the email is an executable file\n which captures this information (if entered), and sends it to a\n number of email addresses. \n\n Current Activity - November 19, 2003\n http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili\n\n\n 2. \n\n CERT Advisory CA-2003-28\n\t\tBuffer Overflow in Windows Workstation Service\n http://www.cert.org/advisories/CA-2003-28.html\n\n Vulnerability Note VU#567620\n\t\tMicrosoft Windows Workstation service vulnerable to \n\t\tbuffer overflow when sent specially crafted network\n\t\tmessage\n http://www.kb.cert.org/vuls/id/567620\n\n\n 3. \n\n CERT Advisory CA-2003-27\n\t\tMultiple Vulnerabilities in Microsoft Windows and \n\t\tExchange\n http://www.cert.org/advisories/CA-2003-27.html\n\n Vulnerability Note VU#575892\n\t\tBuffer overflow in Microsoft Windows Messenger Service\n http://www.kb.cert.org/vuls/id/575892\n\n Vulnerability Note VU#422156\n\t\tMicrosoft Exchange Server fails to properly handle\n\t\tspecially crafted SMTP extended verb requests\n http://www.kb.cert.org/vuls/id/422156\n\n Vulnerability Note VU#467036\n\t\tMicrosoft Windows Help and support Center contains buffer\n\t\toverflow in code used to handle HCP protocol\n http://www.kb.cert.org/vuls/id/467036\n\n Vulnerability Note VU#989932\n\t\tMicrosoft Windows contains buffer overflow in Local \n\t\tTroubleshooter ActiveX control (Tshoot.ocx)\n http://www.kb.cert.org/vuls/id/989932\n\n Vulnerability Note VU#838572\n\t\tMicrosoft Windows Authenticode mechanism installs ActiveX\n\t\tcontrols without prompting user\n http://www.kb.cert.org/vuls/id/838572\n\n Vulnerability Note VU#435444\n\t\tMicrosoft Outlook Web Access (OWA) contains cross-site\n\t\tscripting vulnerability in the \"Compose New Message\" form\n http://www.kb.cert.org/vuls/id/435444\n\n Vulnerability Note VU#967668\n\t\tMicrosoft Windows ListBox and ComboBox controls vulnerable\n\t\tto buffer overflow when supplied crafted Windows message\n http://www.kb.cert.org/vuls/id/967668\n\n\n 4. Multiple Vulnerabilities in SSL/TLS Implementations\n\n Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)\n and Transport Layer Security (TLS) protocols allowing an attacker\n to execute arbitrary code or cause a denial-of-service condition. \n\n CERT Advisory CA-2003-26\n\t\tMultiple Vulnerabilities in SSL/TLS Implementations\n http://www.cert.org/advisories/CA-2003-26.html\n\n Vulnerability Note VU#935264\n\t\tOpenSSL ASN.1 parser insecure memory deallocation\n http://www.kb.cert.org/vuls/id/935264\n\n Vulnerability Note VU#255484\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (1)\n http://www.kb.cert.org/vuls/id/255484\n\n Vulnerability Note VU#380864\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (2)\n http://www.kb.cert.org/vuls/id/380864\n\n Vulnerability Note VU#686224\n\t\tOpenSSL does not securely handle invalid public key when\n\t\tconfigured to ignore errors\n http://www.kb.cert.org/vuls/id/686224\n\n Vulnerability Note VU#732952\n\t\tOpenSSL accepts unsolicited client certificate messages\n http://www.kb.cert.org/vuls/id/732952\n\n Vulnerability Note VU#104280\n\t\tMultiple vulnerabilities in SSL/TLS implementations\n http://www.kb.cert.org/vuls/id/104280\n\n Vulnerability Note VU#412478\n\t\tOpenSSL 0.9.6k does not properly handle ASN.1 sequences\n http://www.kb.cert.org/vuls/id/412478\n\n\n 5. Exploitation of Internet Explorer Vulnerability\n\n The CERT/CC received a number of reports indicating that attackers\n were actively exploiting the Microsoft Internet Explorer\n vulnerability described in VU#865940. These attacks include the\n installation of tools for launching distributed denial-of-service\n (DDoS) attacks, providing generic proxy services, reading\n sensitive information from the Windows registry, and using a\n victim system\u0027s modem to dial pay-per-minute services. The\n vulnerability described in VU#865940 exists due to an interaction\n between IE\u0027s MIME type processing and the way it handles HTML\n application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm\n\n On September 19, the CERT/CC began receiving a large volume of\n reports of a mass mailing worm, referred to as W32/Swen.A,\n spreading on the Internet. Similar to W32/Gibe.B in function, this\n worm arrives as an attachment claiming to be a Microsoft Internet\n Explorer Update or a delivery failure notice from qmail. The\n W32/Swen.A worm requires a user to execute the attachment either\n manually or by using an email client that will open the attachment\n automatically. Upon opening the attachment, the worm attempts to\n mail itself to all email addresses it finds on the system. The\n CERT/CC updated the current activity page to contain further\n information on this worm. \n\n Current Activity - September 19, 2003\n http://www.cert.org/current/archive/2003/09/19/archive.html#swena\n\n\n 7. Buffer Overflow in Sendmail\n\n Sendmail, a widely deployed mail transfer agent (MTA), contains a\n vulnerability that could allow an attacker to execute arbitrary\n code with the privileges of the sendmail daemon, typically root. \n\n CERT Advisory CA-2003-25\n\t\tBuffer Overflow in Sendmail\n http://www.cert.org/advisories/CA-2003-25.html\n\n Vulnerability Note VU#784980\n\t\tSendmail prescan() buffer overflow vulnerability\n http://www.kb.cert.org/vuls/id/784980\n\n\n 8. \n\n CERT Advisory CA-2003-23\n\t\tRPCSS Vulnerabilities in Microsoft Windows\n http://www.cert.org/advisories/CA-2003-23.html\n\n Vulnerability Note VU#483492\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM activation routines\n http://www.kb.cert.org/vuls/id/483492\n\n Vulnerability Note VU#254236\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM request filename handling\n http://www.kb.cert.org/vuls/id/254236\n\n Vulnerability Note VU#326746\n\t\tMicrosoft Windows RPC service vulnerable to \n\t\tdenial of service\n http://www.kb.cert.org/vuls/id/326746\n ______________________________________________________________________\n\nNew CERT Coordination Center (CERT/CC) PGP Key\n\n On October 15, the CERT/CC issued a new PGP key, which should be used\n when sending sensitive information to the CERT/CC. \n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n\n Sending Sensitive Information to the CERT/CC\n https://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Vulnerability Notes\n http://www.kb.cert.org/vuls\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Congressional Testimony\n http://www.cert.org/congressional_testimony\n * Training Schedule\n http://www.cert.org/training/\n * CSIRT Development\n http://www.cert.org/csirts/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2003-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \\xa92003 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78\n7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT\nrb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU\nUENALuNdthA=\n=DD60\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0002"
},
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
}
],
"trust": 5.4
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#326746",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2001-0002",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#254236",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#483492",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "7823",
"trust": 1.6
},
{
"db": "BID",
"id": "2456",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#333628",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "10156",
"trust": 0.8
},
{
"db": "XF",
"id": "12970",
"trust": 0.8
},
{
"db": "BID",
"id": "7806",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#334928",
"trust": 0.8
},
{
"db": "BID",
"id": "2633",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#602204",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#209807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "31735",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#784980",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#575892",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#865940",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#467036",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#838572",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#422156",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#412478",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#567620",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#989932",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#967668",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#435444",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32268",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"id": "VAR-200107-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-07-04T22:18:25.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-015",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-015.mspx"
},
{
"title": "MS01-015",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms01-015.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-039.asp"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/326746"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/?kbid=825750"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/?kbid=827363"
},
{
"trust": 1.6,
"url": "http://www.cert.org/advisories/ca-2003-19.html"
},
{
"trust": 1.6,
"url": "http://cgi.nessus.org/plugins/dump.php3?id=11835"
},
{
"trust": 1.6,
"url": "http://www.iss.net/support/product_utilities/xfrpcss.php"
},
{
"trust": 1.6,
"url": "http://www.ntbugtraq.com/dcomrpc.asp"
},
{
"trust": 1.6,
"url": "http://securecomputing.stanford.edu/alerts/win-rpc-10sept2003.html"
},
{
"trust": 1.6,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=393\u0026idxseccion=10"
},
{
"trust": 1.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"trust": 1.6,
"url": "http://www.guninski.com/chmtempmain.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a920"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/7823"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/2456"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/254236"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/483492"
},
{
"trust": 0.8,
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"trust": 0.8,
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2003-september/000062.html"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/10156/"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20030910.html"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/tools/rpcdcom.html"
},
{
"trust": 0.8,
"url": "http://www.xfocus.org/advisories/200307/4.html"
},
{
"trust": 0.8,
"url": "http://www.nsfocus.com/english/homepage/research/0306.htm"
},
{
"trust": 0.8,
"url": "http://www.lac.co.jp/security/english/snsadv_e/68_e.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-032.asp"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/object.asp"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/12970"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7806"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0002"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0002"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2633"
},
{
"trust": 0.2,
"url": "http://www.cert.org/"
},
{
"trust": 0.2,
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"trust": 0.2,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/jarl-5rfqqz."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/602204"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/412478"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/567620"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/575892"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/989932"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/09/19/archive.html#swena"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"trust": 0.1,
"url": "http://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/838572"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/967668"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-28.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-27.html"
},
{
"trust": 0.1,
"url": "https://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/incident_notes/in-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/435444"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-24.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-25.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-23.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/467036"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/422156"
},
{
"trust": 0.1,
"url": "http://www.cert.org/csirts/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#483492"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#254236"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"db": "PACKETSTORM",
"id": "31735"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-16T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#483492"
},
{
"date": "2003-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#254236"
},
{
"date": "2003-08-26T00:00:00",
"db": "CERT/CC",
"id": "VU#334928"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"date": "2003-09-29T22:44:34",
"db": "PACKETSTORM",
"id": "31735"
},
{
"date": "2003-11-25T05:25:51",
"db": "PACKETSTORM",
"id": "32268"
},
{
"date": "2001-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"date": "2001-07-21T04:00:00",
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-12-11T00:00:00",
"db": "CERT/CC",
"id": "VU#483492"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-12-11T00:00:00",
"db": "CERT/CC",
"id": "VU#254236"
},
{
"date": "2005-08-11T00:00:00",
"db": "CERT/CC",
"id": "VU#334928"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000056"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-151"
},
{
"date": "2021-07-23T12:18:31.047000",
"db": "NVD",
"id": "CVE-2001-0002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH contains buffer management errors",
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-151"
}
],
"trust": 0.6
}
}
var-200703-0270
Vulnerability from variot
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer is prone to a denial-of-service vulnerability when handling malicious HTML files. Successfully exploiting this issue allows attackers to consume excessive CPU resources in the affected browser and eventually cause Internet Explorer to crash, causing a denial-of-service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera server vb101",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0 and 7.0"
},
{
"model": "internet explorer beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomas Pollet is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "19364"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.9
},
"cve": "CVE-2006-7065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-7065",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-23173",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-7065",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-042",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-23173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer is prone to a denial-of-service vulnerability when handling malicious HTML files. \nSuccessfully exploiting this issue allows attackers to consume excessive CPU resources in the affected browser and eventually cause Internet Explorer to crash, causing a denial-of-service",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "VULHUB",
"id": "VHN-23173"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-23173",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-7065",
"trust": 2.8
},
{
"db": "BID",
"id": "19364",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "28343",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-81914",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-23173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"id": "VAR-200703-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:54:04.827000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://canon.jp/"
},
{
"title": "Internet Explorer",
"trust": 0.8,
"url": "http://windows.microsoft.com/en-us/internet-explorer/downloads/ie"
},
{
"title": "Microsoft Internet Explorer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=157784"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19364"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"trust": 1.7,
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/vuln.aspx?id=34511"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7065"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7065"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/ie/default.mspx"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-23173"
},
{
"date": "2006-08-06T00:00:00",
"db": "BID",
"id": "19364"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"date": "2007-03-02T21:18:00",
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"date": "2007-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-23173"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "19364"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"date": "2021-07-23T15:06:35.703000",
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 6 and 7 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.6
}
}
var-200606-0464
Vulnerability from variot
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.
SOLUTION: Disable Active Scripting support.
Do not enter suspicious text when visiting untrusted web sites.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
TITLE: Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26095
VERIFY ADVISORY: http://secunia.com/advisories/26095/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, Spoofing, DoS, System access
WHERE:
From remote
SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.
1) Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
2) Various errors in the Javascript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
3) An error in the "addEventListener" and "setTimeout" methods can be exploited to inject script into another site's context, circumventing the browser's same-origin policy.
4) An error in the cross-domain handling can be exploited to inject arbitrary HTML and script code in a sub-frame of another web site.
This is related to vulnerability #5 in: SA21906
5) An unspecified error in the handling of elements outside of documents allows an attacker to call an event handler and execute arbitrary code with chrome privileges.
6) An unspecified error in the handling of "XPCNativeWrapper" can lead to execution of user-supplied code.
SOLUTION: Update to version 2.0.0.5.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. 2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. 3, 5) The vendor credits moz_bug_r_a4 4) Ronen Zilberman and Michal Zalewski 6) The vendor credits shutdown and moz_bug_r_a4.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
OTHER REFERENCES: SA21906: http://secunia.com/advisories/21906/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
The vulnerability is caused due to an error within the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an "about:blank" window created and populated in a certain ways by an addon.
Successful exploitation requires that certain addons are installed. http://www.mozilla.com/en-US/firefox/
Thunderbird: Fixed in the upcoming version 2.0.0.6. http://www.mozilla.com/en-US/thunderbird/
SeaMonkey: Fixed in the upcoming version 1.1.4.
For more information: SA26201
PROVIDED AND/OR DISCOVERED BY: moz_bug_r_a4
CHANGELOG: 2007-07-31: Updated "Description". Added link to vendor advisory. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g.
The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2. Other versions and browsers may also be affected.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios
Firefox not escaping quotes originally discussed by: * Jesper Johansson
Additional research by Secunia Research. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-297B
Adobe Updates for Microsoft Windows URI Vulnerability
Original release date: October 24, 2007 Last revised: -- Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
I. Description
Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.
Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.
II.
III. Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.
Disable the mailto: URI in Adobe Reader and Adobe Acrobat
If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.
Appendix A. Vendor Information
Adobe
For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.
Appendix B. References
* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>
* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-297B Feedback VU#403150" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200606-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mozilla",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "network camera server vb101",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
}
],
"trust": 0.4
},
"cve": "CVE-2006-2900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-19008",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-2900",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#143297",
"trust": 0.8,
"value": "8.51"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#403150",
"trust": 0.8,
"value": "18.43"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#783400",
"trust": 0.8,
"value": "25.52"
},
{
"author": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19008",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nSOLUTION:\nDisable Active Scripting support. \n\nDo not enter suspicious text when visiting untrusted web sites. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nMozilla Firefox Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26095\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26095/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMozilla Firefox 2.0.x\nhttp://secunia.com/product/12434/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Mozilla Firefox, which can\nbe exploited by malicious people to conduct spoofing and cross-site\nscripting attacks and potentially to compromise a user\u0027s system. \n\n1) Various errors in the browser engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n2) Various errors in the Javascript engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n3) An error in the \"addEventListener\" and \"setTimeout\" methods can be\nexploited to inject script into another site\u0027s context, circumventing\nthe browser\u0027s same-origin policy. \n\n4) An error in the cross-domain handling can be exploited to inject\narbitrary HTML and script code in a sub-frame of another web site. \n\nThis is related to vulnerability #5 in:\nSA21906\n\n5) An unspecified error in the handling of elements outside of\ndocuments allows an attacker to call an event handler and execute\narbitrary code with chrome privileges. \n\n6) An unspecified error in the handling of \"XPCNativeWrapper\" can\nlead to execution of user-supplied code. \n\nSOLUTION:\nUpdate to version 2.0.0.5. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron,\nDaniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats\nPalmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. \n2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. \n3, 5) The vendor credits moz_bug_r_a4\n4) Ronen Zilberman and Michal Zalewski\n6) The vendor credits shutdown and moz_bug_r_a4. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-18.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-19.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-20.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-21.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-25.html\n\nOTHER REFERENCES:\nSA21906:\nhttp://secunia.com/advisories/21906/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nThe vulnerability is caused due to an error within the handling of\n\"about:blank\" pages loaded by chrome in an addon. This can be\nexploited to execute script code under chrome privileges by e.g. \nclicking on a link opened in an \"about:blank\" window created and\npopulated in a certain ways by an addon. \n\nSuccessful exploitation requires that certain addons are installed. \nhttp://www.mozilla.com/en-US/firefox/\n\nThunderbird:\nFixed in the upcoming version 2.0.0.6. \nhttp://www.mozilla.com/en-US/thunderbird/\n\nSeaMonkey:\nFixed in the upcoming version 1.1.4. \n\nFor more information:\nSA26201\n\nPROVIDED AND/OR DISCOVERED BY:\nmoz_bug_r_a4\n\nCHANGELOG:\n2007-07-31: Updated \"Description\". Added link to vendor advisory. \"mailto\", \"news\", \"nntp\", \"snews\", \"telnet\"). using\nFirefox visits a malicious website with a specially crafted \"mailto\"\nURI containing a \"%\" character and ends in a certain extension (e.g. \n\nThe vulnerability is confirmed on a fully patched Windows XP SP2 and\nWindows Server 2003 SP2 system using Firefox version 2.0.0.5 and\nNetscape Navigator version 9.0b2. Other versions and browsers may\nalso be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nVulnerability discovered by:\n* Billy (BK) Rios\n\nFirefox not escaping quotes originally discussed by:\n* Jesper Johansson\n\nAdditional research by Secunia Research. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\tNational Cyber Alert System\n Technical Cyber Security Alert TA07-297B\n\n\nAdobe Updates for Microsoft Windows URI Vulnerability\n\n Original release date: October 24, 2007\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n Microsoft Windows XP and Windows Server 2003 systems with Internet\n Explorer 7 and any of the following Adobe products:\n * Adobe Reader 8.1 and earlier\n * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier\n * Adobe Reader 7.0.9 and earlier\n * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and\n earlier\n\nOverview\n\n Adobe has released updates for the Adobe Reader and Adobe Acrobat\n product families. The update addresses a URI handling vulnerability in\n Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. \n\nI. Description\n\n Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server\n 2003 changes the way Windows handles Uniform Resource Identifiers\n (URIs). This change has introduced a flaw that can cause Windows to\n incorrectly determine the appropriate handler for the protocol\n specified in a URI. More information about this vulnerability is available in\n US-CERT Vulnerability Note VU#403150. \n\n Public reports indicate that this vulnerability is being actively\n exploited with malicious PDF files. Adobe has released Adobe Reader\n 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. \n\nII. \n\nIII. Solution\n\nApply an update\n\n Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to\n address this issue. These Adobe products handle URIs in a way that\n mitigates the vulnerability in Microsoft Windows. \n\nDisable the mailto: URI in Adobe Reader and Adobe Acrobat\n\n If you are unable to install an updated version of the software, this\n vulnerability can be mitigated by disabling the mailto: URI handler in\n Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin\n APSB07-18 for details. \n\n\nAppendix A. Vendor Information\n\nAdobe\n\n For information about updating affected Adobe products, see Adobe\n Security Bulletin APSB07-18. \n\nAppendix B. References\n\n * Adobe Security Bulletin APSB07-18 -\n \u003chttp://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e\n \n * Microsoft Security Advisory (943521) -\n \u003chttp://www.microsoft.com/technet/security/advisory/943521.mspx\u003e\n \n * US-CERT Vulnerability Note VU#403150 -\n \u003chttp://www.kb.cert.org/vuls/id/403150\u003e\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-297B.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-297B Feedback VU#403150\" in the\n subject. \n _________________________________________________________________\n \n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n October 24, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H\n3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ\nlKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s\nVNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57\n4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI\nLazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==\n=PgB9\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "26201",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "20449",
"trust": 1.8
},
{
"db": "BID",
"id": "18308",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1059",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-2161",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2900",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26288",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "26095",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#403150",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#783400",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#143297",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20060605 FILE UPLOAD WIDGETS IN IE AND FIREFOX HAVE ISSUES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-19008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "47071",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57832",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58068",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA07-297B",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60418",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"id": "VAR-200606-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:05:26.386000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://secunia.com/advisories/26201/"
},
{
"trust": 1.7,
"url": "http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18308"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/046610.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20449"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1059"
},
{
"trust": 1.6,
"url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389580"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/kb/224816"
},
{
"trust": 1.6,
"url": "http://kb.mozillazine.org/firefox_:_faqs_:_about:config_entries"
},
{
"trust": 1.6,
"url": "http://en.wikipedia.org/wiki/uniform_resource_identifier"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"trust": 0.9,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26095/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26288/"
},
{
"trust": 0.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/tag_iframe.asp"
},
{
"trust": 0.8,
"url": "http://www.w3.org/tr/html401/present/frames.html#h-16.5"
},
{
"trust": 0.8,
"url": "https://addons.mozilla.org/en-us/firefox/addon/722"
},
{
"trust": 0.8,
"url": "http://www.mozilla.org/projects/security/components/same-origin.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/archive/pdf/cross_site_scripting.pdf"
},
{
"trust": 0.8,
"url": "http://www.stopbadware.org/home/security#preventing"
},
{
"trust": 0.8,
"url": "http://www.antiphishing.org/consumer_recs.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.html"
},
{
"trust": 0.8,
"url": "http://en-us.www.mozilla.com/en-us/firefox/2.0.0.6/releasenotes/"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/ref_urlencode.asp"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2161"
},
{
"trust": 0.4,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.2,
"url": "http://secunia.com/product/12434/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20449/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20442/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-18.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-25.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21906/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-19.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-21.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/projects/seamonkey/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/firefox/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/thunderbird/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14383/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14070/"
},
{
"trust": 0.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=388121"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-26.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/783400"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12366/"
},
{
"trust": 0.1,
"url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx"
},
{
"trust": 0.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/403150\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-297b.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2006-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2006-06-10T05:36:59",
"db": "PACKETSTORM",
"id": "47071"
},
{
"date": "2007-07-19T02:44:59",
"db": "PACKETSTORM",
"id": "57832"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58191"
},
{
"date": "2007-07-27T03:17:23",
"db": "PACKETSTORM",
"id": "58068"
},
{
"date": "2007-10-25T04:18:19",
"db": "PACKETSTORM",
"id": "60418"
},
{
"date": "2006-06-07T16:02:00",
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"date": "2006-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2011-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2011-10-11T04:00:00",
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"date": "2006-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox allows cross-domain iframe access via JavaScript",
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
}
}
var-200604-0205
Vulnerability from variot
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.
TITLE: Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA18957
VERIFY ADVISORY: http://secunia.com/advisories/18957/
CRITICAL: Highly critical
IMPACT: Spoofing, System access, Cross Site Scripting
WHERE:
From remote
SOFTWARE: Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/
DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct phishing attacks, or compromise a user's system.
1) An error in the cross-domain restriction when accessing properties of certain dynamically created objects can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via a JavaScript URI handler applied on a dynamically created "object" tag.
2) An error within the handling of multiple event handlers (e.g. onLoad) in an HTML element can be exploited to corrupt memory in a way that may allow execution of arbitrary code.
3) An error within the parsing of specially crafted, non-valid HTML can be exploited to corrupt memory in a way that allows execution of arbitrary code when a malicious HTML document is viewed.
4) An error within the instantiation of COM objects that are not intended to be instantiated in Internet Explorer can be exploited to corrupt memory in a way that allows execution of arbitrary code.
5) An error within the handling of HTML elements containing a specially crafted tag can be exploited to corrupt memory in a way that allows execution of arbitrary code.
6) An error within the handling of double-byte characters in specially crafted URLs can be exploited to corrupt memory in a way that allows execution of arbitrary code.
Successful exploitation requires that the system uses double-byte character sets.
7) An error in the way IOleClientSite information is returned when an embedded object is dynamically created can be exploited to execute arbitrary code in context of another site or security zone.
8) An unspecified error can be exploited to spoof information displayed in the address bar and other parts of the trust UI.
9) Some unspecified vulnerabilities exist in the two ActiveX controls included with Danim.dll and Dxtmsft.dll.
SOLUTION: Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloa...7B87-AF8F-4346-9164-596E3E5C22B1
Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1: http://www.microsoft.com/downloa...41E1-2B36-4696-987A-099FC57E0129
Internet Explorer 6 for Windows XP SP2: http://www.microsoft.com/downloa...FB31-E6B4-4771-81F1-4ACCEBF72133
Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 SP1: http://www.microsoft.com/downloa...6871-D217-41D3-BECC-B27FAFA00054
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems: http://www.microsoft.com/downloa...957C-0ABE-4129-ABAF-AA2852AD62A3
Internet Explorer 6 for Windows Server 2003 x64 Edition: http://www.microsoft.com/downloa...8BE3-39EE-4937-9BD1-280FC35125C6
Internet Explorer 6 for Windows XP Professional x64 Edition: http://www.microsoft.com/downloa...FE3E-620A-4BBC-868B-CA2D9EFF7AC3
Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows ME: Patches are available via the Microsoft Update Web site or the Windows Update Web site.
PROVIDED AND/OR DISCOVERED BY: 1) Discovered by anonymous person. 2) Michal Zalewski 3) The vendor credits Jan P. Monsch, Compass Security Network Computing. 4) The vendor credits Richard M. Smith, Boston Software Forensics. 5) The vendor credits Thomas Waldegger. 6) The vendor credits Sowhat, Nevis Labs. 7) The vendor credits Heiko Schultze, SAP. 9) The vendor credits Will Dormann, CERT/CC.
ORIGINAL ADVISORY: MS06-013 (KB912812): http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 for itanium-based systems"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 x64 edition"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp professional x64 edition"
},
{
"model": "internet explorer sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer for windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.14.0"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.198"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.195"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.12000"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2 do not use",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0-"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-1192",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-17300",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1192",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-160",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-17300",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626. Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. \n\nTITLE:\nInternet Explorer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA18957\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18957/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSpoofing, System access, Cross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Internet Explorer 5.5\nhttp://secunia.com/product/10/\nMicrosoft Internet Explorer 5.01\nhttp://secunia.com/product/9/\nMicrosoft Internet Explorer 6.x\nhttp://secunia.com/product/11/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Internet Explorer,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct phishing attacks, or compromise a user\u0027s\nsystem. \n\n1) An error in the cross-domain restriction when accessing properties\nof certain dynamically created objects can be exploited to execute\narbitrary HTML and script code in a user\u0027s browser session in context\nof an arbitrary site via a JavaScript URI handler applied on a\ndynamically created \"object\" tag. \n\n2) An error within the handling of multiple event handlers (e.g. \nonLoad) in an HTML element can be exploited to corrupt memory in a\nway that may allow execution of arbitrary code. \n\n3) An error within the parsing of specially crafted, non-valid HTML\ncan be exploited to corrupt memory in a way that allows execution of\narbitrary code when a malicious HTML document is viewed. \n\n4) An error within the instantiation of COM objects that are not\nintended to be instantiated in Internet Explorer can be exploited to\ncorrupt memory in a way that allows execution of arbitrary code. \n\n5) An error within the handling of HTML elements containing a\nspecially crafted tag can be exploited to corrupt memory in a way\nthat allows execution of arbitrary code. \n\n6) An error within the handling of double-byte characters in\nspecially crafted URLs can be exploited to corrupt memory in a way\nthat allows execution of arbitrary code. \n\nSuccessful exploitation requires that the system uses double-byte\ncharacter sets. \n\n7) An error in the way IOleClientSite information is returned when an\nembedded object is dynamically created can be exploited to execute\narbitrary code in context of another site or security zone. \n\n8) An unspecified error can be exploited to spoof information\ndisplayed in the address bar and other parts of the trust UI. \n\n9) Some unspecified vulnerabilities exist in the two ActiveX controls\nincluded with Danim.dll and Dxtmsft.dll. \n\nSOLUTION:\nApply patches. \n\nInternet Explorer 5.01 SP4 on Windows 2000 SP4:\nhttp://www.microsoft.com/downloa...7B87-AF8F-4346-9164-596E3E5C22B1\n\nInternet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:\nhttp://www.microsoft.com/downloa...41E1-2B36-4696-987A-099FC57E0129\n\nInternet Explorer 6 for Windows XP SP2:\nhttp://www.microsoft.com/downloa...FB31-E6B4-4771-81F1-4ACCEBF72133\n\nInternet Explorer 6 for Windows Server 2003 and Windows Server 2003\nSP1:\nhttp://www.microsoft.com/downloa...6871-D217-41D3-BECC-B27FAFA00054\n\nInternet Explorer 6 for Windows Server 2003 for Itanium-based systems\nand Windows Server 2003 with SP1 for Itanium-based systems:\nhttp://www.microsoft.com/downloa...957C-0ABE-4129-ABAF-AA2852AD62A3\n\nInternet Explorer 6 for Windows Server 2003 x64 Edition:\nhttp://www.microsoft.com/downloa...8BE3-39EE-4937-9BD1-280FC35125C6\n\nInternet Explorer 6 for Windows XP Professional x64 Edition:\nhttp://www.microsoft.com/downloa...FE3E-620A-4BBC-868B-CA2D9EFF7AC3\n\nInternet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows ME:\nPatches are available via the Microsoft Update Web site or the\nWindows Update Web site. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Discovered by anonymous person. \n2) Michal Zalewski\n3) The vendor credits Jan P. Monsch, Compass Security Network\nComputing. \n4) The vendor credits Richard M. Smith, Boston Software Forensics. \n5) The vendor credits Thomas Waldegger. \n6) The vendor credits Sowhat, Nevis Labs. \n7) The vendor credits Heiko Schultze, SAP. \n9) The vendor credits Will Dormann, CERT/CC. \n\nORIGINAL ADVISORY:\nMS06-013 (KB912812):\nhttp://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "PACKETSTORM",
"id": "45341"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-17300",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17460",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2006-1192",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "18957",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1015899",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1318",
"trust": 1.7
},
{
"db": "SREASON",
"id": "670",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "1838",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-17300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"id": "VAR-200604-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:04:15.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-013.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/17460"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1336"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1498"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1645"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1725"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1740"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015899"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18957"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/670"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/18957/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1192"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/1318"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-1192"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/217"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/220"
},
{
"trust": 0.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...fe3e-620a-4bbc-868b-ca2d9eff7ac3"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...8be3-39ee-4937-9bd1-280fc35125c6"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...fb31-e6b4-4771-81f1-4accebf72133"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...957c-0abe-4129-abaf-aa2852ad62a3"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...7b87-af8f-4346-9164-596e3e5c22b1"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...41e1-2b36-4696-987a-099fc57e0129"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...6871-d217-41d3-becc-b27fafa00054"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-17300"
},
{
"date": "2006-04-11T00:00:00",
"db": "BID",
"id": "17460"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"date": "2006-04-12T04:04:04",
"db": "PACKETSTORM",
"id": "45341"
},
{
"date": "2006-04-11T23:02:00",
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"date": "2006-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-17300"
},
{
"date": "2006-04-17T17:12:00",
"db": "BID",
"id": "17460"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"date": "2021-07-23T12:17:15.613000",
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer Vulnerable to address bar spoofing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
}
}
var-200604-0201
Vulnerability from variot
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. This is related to the handling of certain HTML tags. They could also use HTML email for the attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: April 11, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for April 2006.
I. (CVE-2006-0012)
II. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds. Many of these vulnerabilities can be mitigated by following the instructions listed in the Securing Your Web Browser document.
Appendix A. Please send email to cert@cert.org with "TA06-101A Feedback VU#876678" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
Apr 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt Cg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+ olQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM i+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I R+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh HAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA== =w6IC -----END PGP SIGNATURE----- .
Visit http://www.microsoft.com/windows/ie/default.mspx or http://en.wikipedia.org/wiki/Internet_Explorer for detailed information.
o Memory Corruption Vulnerability: #7d519030
Following HTML code forces IE 6 to crash:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">