Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Overview Microsoft Internet Explorer IE allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software...

CVE-2004-2291

CVE-2004-2291 affects Microsoft Windows Internet Explorer 5.5 and 6.0. A remote attacker can run arbitrary code by delivering an embedded script that uses Shell Helper objects and a shortcut (link) to trigger the target script. No exploitation details are provided in the connected documents. No r...

CVE-2005-2414

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service application crash via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering...

[SA16282] Business Objects Enterprise / Crystal Reports Denial of Service

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

FreeBSD : mozilla -- privilege escalation via non-DOM property overrides (a6427195-c2c7-11d9-89f7-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional...

VulnCheck KEV: CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...

Code execution through shared function objects — Mozilla

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges...

[Full-disclosure] SEC-CONSULT SA-20050629-0

SEC-CONSULT Security Advisory 20050629-0 ================================================================================== title: IE6 javaprxy.dll COM instantiation heap corruption vulnerability program: Internet Explorer vulnerable version: 6.0.2900.2180 homepage: www.microsoft.com found:...

CVE-2002-1918

CVE-2002-1918 describes a buffer overflow in Microsoft Active Data Objects (ADO) within Microsoft MDAC versions 2.5–2.7. The description identifies the vulnerability as enabling remote attackers to cause impact with unknown scope and unknown attack vectors; no concrete impact, vector, or remediat...

CVE-2005-1677

Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects...

[SA15421] Groove Virtual Office / Workspace Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2005-1677

Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects...

Groove Virtual Office COM objects may be accessed insecurely

Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...

CVE-2005-1532

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160...

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

CVE-2005-0298

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information...

DEBIAN-CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

CVE-2004-0533

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client...