814 matches found
CVE-2008-3476
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."...
CVE-2008-3472
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTM...
CVE-2008-3474
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information...
CVE-2008-4582
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...
CVE-2008-3474
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information...
CVE-2008-3475
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been 1 incorrectly initialized or 2 deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...
CVE-2008-3476
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."...
Internet Explorer Cross-Domain Information Disclosure (MS08-058; CVE-2008-3474)
Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to correctly interpret the origin of scripts. An attacker can trigge...
CVE-2008-4340
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service memory consumption via an HTML document containing a carriage return "\r\n\r\n" argument to the window.open function...
CVE-2008-4340
Removed by vendor...
RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability
Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...
Sony ImageStation AxRUploadServer.AxRUploadControl ActiveX (AxRUploadServer.dll) SetLogging Method Overflow
The remote host contains the AxRUploadServer.AxRUploadControl.1 ActiveX control, which was used to upload photos to Sony's ImageStation photo sharing and printing service. The version of this control installed on the remote host reportedly contains a buffer overflow when handling a long argument ...
CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...
Code injection
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...
Microsoft Internet Explorer fails to properly restrict access to frames
Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...
Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX stack buffer overflows
Overview The Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...
Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX stack buffer overflows
Overview The Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...
Cross site scripting
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability
iDefense Security Advisory 05.13.08 http://labs.idefense.com/intelligence/vulnerabilities/ May 13, 2008 I. BACKGROUND Microsoft Word is a word processing application that is distributed with Microsoft Office. Cascading Style Sheets CSS is a stylesheet language used to describe the presentation of...