Memory corruption
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code v...
CVE-2008-4259
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory...
Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073; CVE-2008-4258)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...
Internet Explorer URL Cache Memory Corruption (MS08-073; CVE-2008-4260)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer accesses an object that has been deleted. The vulnerability is due to a memory corruption error in Internet Explorer when it attempt...
Internet Explorer HTML Embed Tag Stack Buffer Overflow (MS08-073; CVE-2008-4261)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer embeds objects into a Web page. The vulnerability is due to a memory corruption error in Internet Explorer when it displays a Web pa...
Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow
Overview: The Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Linksys WVC54GC wireless video camera provides an ActiveX control called...
Memory corruption
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document...
Design/Logic Flaw
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document...
CVE-2008-4231
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document...
Design/Logic Flaw
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document...
CVE-2008-4233
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document...
CVE-2008-4232
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document...
PT-2008-5526 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: Safari in Apple iPhone OS versions 1.0 through 2.1; Safari in Apple iPhone OS for iPod touch versions 1.1 through 2.1. Description: The issue allows remote attackers to make arbitrary phone calls via a crafted HTML document because Safari does...
JVN#47875752 GungHo LoadPrgAx vulnerable to arbitrary Java program execution
LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC. Impact: If a user views a specially crafted HTML document web...
Microsoft XML Core Services Nested Tag (MS08-069; CVE-2007-0099)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. A remote code execution vulnerability has been reported in Microsoft XML Core Services (MSXML). The vulnerability is due to...
Microsoft XML Core Services DTD Cross-Domain Scripting (MS08-069; CVE-2008-4029)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services (MSXML). The vulnerability is due t...
Microsoft XML Core Services Chunked Request (MS08-069; CVE-2008-4033)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services (MSXML). The vulnerability is due t...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-4724
Removed by vendor...
CVE-2008-4723
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are...