12 matches found
EUVD-2003-0717
Malware in sbrugna...
Microsoft HSC URL RemoteCodeExecution (MS04-011) - Ver2 (CVE-2003-0907)
A vulnerability exist in the way Help and Support Center HSC validates URLs with the scheme hcp://. There is a vulnerability in the way the Microsoft Help and Support Center processes URL strings. The vulnerability could be exploited to run malicious JavaScript code in the security context of "My...
Microsoft Internet Explorer 5 Shell: IFrame Cross-Zone Scripting Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9628/info It has been alleged that Microsoft Internet Explorer is prone to a weakness that may potentially allow for the execution of hostile script code in the context of the My Computer Zone. This issue is related to ho...
Microsoft Internet Explorer 6.0 Double Slash Cache Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8980/info A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when...
CVE-2011-1205
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
Cross site scripting
Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...
CVE-2006-2303
Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...
[Full-Disclosure] Microsoft Help and Support Center argument injection vulnerability
OVERVIEW ======== "Help and Support Center HSC is a feature in Windows that provides help on a variety of topics" from www.microsoft.com. It can be accessed via HCP: URLs. HSC is installed by default on Windows XP and Windows Server 2003 systems. An argument injection vulnerability in HSC allows ...
PT-2003-1822 · Realnetworks · Realone Player
Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...
CVE-2002-1442
Affected product: Google Toolbar (IE) up to version 1.1.58 and earlier. Vulnerability: remote sites could trigger unauthorized toolbar operations, including script execution and file reading in other zones (e.g., My Computer) by opening a window to tools.google.com or the res: protocol and then u...