25 matches found
EUVD-2010-4357
Malware in sbrugna...
Microsoft Office: Local Machine Zone Lockdown Security
This test checks the setting for policy OpenVAS Vulnerability Test $Id: officelockdownsecurity.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Local Machine Zone Lockdown Security Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Remote code execution
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher...
CVE-2018-8245
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher...
Microsoft Word Local Machine Zone Remote Code Execution Vulnerability
Microsoft Word, Excel, and Powerpoint 2007 contain a remote code execution vulnerability because it is possible to reference documents such as Works document .wps as HTML. It will process HTML and script code in the context of the local machine zone of Internet Explorer which leads to arbitrary...
Microsoft Outlook 2002 Script Execution (CVE-2004-0121)
Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...
CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
Design/Logic Flaw
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
MS Internet Explorer URL Injection in History List (MS04-004)
No description provided by source. // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands...
CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
MS Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC
No description provided by source. !-- Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability Author: Aviv Raff http://aviv.raffon.net/ Summary Internet Explorer is prone to a Cross-Zone Scripting vulnerability in ...
CVE-2008-0583
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata...
CVE-2008-0582
CVE-2008-0582 affects Skype on Windows (versions 3.1–3.6.0.244). The issue is a cross-zone scripting vulnerability in the Internet Explorer web control used by SkypeFind, allowing an attacker to inject script/HTML into the Local Machine Zone via the Full Name field of a reviewer in a business ite...
Cross site scripting
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a 1 Dailymotion and possibly 2...
Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
Overview Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format CDF files. Description From the Microsoft Channel Definition Format description:Channel Definition Format CDF...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown
Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...
Microsoft Internet Explorer does not properly validate source of redirected frame
Overview Microsoft Internet Explorer IE does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone...