CVE-2007-0942

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute...

CVE-2007-0947

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML...

CVE-2007-0946

CVE-2007-0946 describes a memory corruption vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1/SP2, and Windows Vista, triggered by crafted HTML objects. The underlying issue is the improper handling of HTML objects, leading to memory corruption and potentia...

CVE-2007-0946

Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption...

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...

Microsoft Offcie multiple security vulnerabilities

Memory corruption on drawing objects parsing...

PostgreSQL privilege escalation

By using temporary objects, unprivileged user can execute function with permissions of security-definer...

EasyMail Objects “Connect”方式远程栈溢出漏洞

EasyMail Objects是一组全面的、易用的COM控件，可以创建、发送、接收、显示、编辑、保存和打印电子邮件。 EasyMail Objects的IMAP4组件（对象ClassID 703B353E-FA2E-4072-8DDF-F70AAC7E527E）在处理传送给Connect方式的超长参数时存在栈溢出漏洞。如果用户传送了超过500字节的超长主机名参数的话，就会触发这个溢出，导致执行任意指令。 Quiksoft EasyMail Objects 6.0 - 6.4 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Oracle Data ORADC ActiveX Control Remote Code Execution

A vulnerability has been identified in the Oracle Data Control ORADC ActiveX control.The ORADC ActiveX control is provided by the Oracle Objects for OLE package. It provides data access and operation modifications on the backend database.A remote attacker could execute arbitrary code on the...

CVE-2007-1092

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects...

Memory corruption

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects...

CVE-2007-1029

Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name...

Stack overflow

Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name...

CVE-2007-1029

CVE-2007-1029 concerns the Quiksoft EasyMail Objects IMAP4 component. A stack-based buffer overflow in the Connect method can be triggered by a long hostname, potentially allowing remote code execution. Affected products include EasyMail Objects versions before 6.5; warnings and advisories refere...

EasyMail Objects IMAP4 Component Connect Method Remote Overflow

EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host. The IMAP4 component of the version of the DjVu Browser Plug-in installed on the remote host reportedly is affected by a stack buffer overflow in the 'Connect' method that can be trigger...

Internet Explorer COM Object Instantiation Memory Corruption (MS07-016; CVE-2007-0219; CVE-2007-4697)

Component Object Models COM Objects are used to enable data exchange between processes and the creation of dynamic object in different programming languages.Microsoft Internet Explorer is prone to multiple remote code execution vulnerabilities. The vulnerabilities are due to a memory corruption...

Microsoft Internet Explorer multiple security vulnerabilities

Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation...

Microsoft Internet Explorer vulnerable to remote code execution

Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects, are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft...

Code injection

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from 1 Msb1fren.dll, 2 Htmlmm.ocx, and 3 Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697...

Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote...