CVE-2001-0365

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags...

Advisory CA-2001-36 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers

CERT Advisory CA-2001-36 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers Original release date: December 19, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Microsoft Internet...

Various problems in Baltimore MailSweeper Script filtering

Saturday 22 September 2001 Various problems in Baltimore MailSweeper Script filtering =========================================================== Product Background -------------------- MAILsweeper is a Content Security solution for the gateway that allows businesses to implement policy for...

CVE-2001-0538

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page...

Security Bulletin MS01-042

---------------------------------------------------------------------- Title: Windows Media Player .NSC Processor Contains Unchecked Buffer Date: 26 July 2001 Software: Windows Media Player 6.4, 7, and 7.1 Impact: Run code of attacker's choice. Bulletin: MS01-042 Microsoft encourages customers to...

Security Bulletin MS01-038

---------------------------------------------------------------------- Title: Outlook View Control Exposes Unsafe Functionality Date: 12 July 2001 Software: Outlook 98, 2000, and 2002 Impact: Run code of attacker's choice via either web page or HTML e-mail. Bulletin: MS01-038 Microsoft encourages...

CVE-2001-1326

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...

CVE-2001-0154

CVE-2001-0154 affects Microsoft Internet Explorer 5.5 and earlier when rendering HTML and processing MIME parts. The vulnerability arises from a MIME handling table that can cause the browser to execute an embedded attachment if a malicious MIME type is set, without user confirmation. This can al...

CVE-2001-0154

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly...

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...

[ GFISEC23112000 ] Microsoft Media Player 7 allows executation of Arbitrary Code

GFI Security Lab Advisory http://www.gfi.com/ ----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems Affected: Windows ME WMP7 is...

NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability

NSFOCUS Security AdvisorySA2000-04 TopicёєMicrosoft Win9x client driver type comparing vulnerability Release Dateёє Aug 20, 2000 Update Dateёє Oct 11, 2000 Affected System: ================ - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 Second Edition Non-affected systemёє...

netscape.msredir.txt

The first version of this document was created by Georgi Guninski, i would like to report that this bug also works on netscape Tested 4.7. I added the document with needed changes for netscape. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The...

CVE-2000-0329

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability...

ie.50.redirection.txt

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this...

msie-4-5.outlook+word97.txt

Date: Wed, 27 Jan 1999 14:14:39 +0000 From: Vesselin Bontchev To: [email protected] Subject: IE 4/5/Outlook + Word 97 security hole Hello folks, This is not a strictly Windows NT issue - it affects Windows 9x users too. However, it is a very important one, so I decided to post abou...

Security Update for Microsoft Windows 2000 (KB826232)

A security issue has been identified that could allow an attacker to read files or run programs on a computer, running Microsoft® Windows® 2000, that has been used to view an attacker's Web site or has read a specially crafted HTML e-mail. You can help protect your computer by installing this...