CVE-2008-4269

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability....

Microsoft Windows search-ms Protocol Handler Command Execution (MS08-075; CVE-2008-4269)

Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types.Windows Search has XML-based files that save information about a search in Windows. A remote code execution vulnerability was reported in Windows Explorer which allo...

Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability

Description Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website. Successfully exploiting this issue would allow the attacker to...

Design/Logic Flaw

Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications...

Microsoft Office Remote Code Execution Vulnerabilities (955047)

This host is missing critical security update according to Microsoft Bulletin MS08-055. OpenVAS Vulnerability Test $Id: secpodms08-055900046.nasl 5863 2017-04-05 07:38:11Z antu123 $ Description: Microsoft Office Remote Code Execution Vulnerabilities 955047 Authors: Chandan S Copyright: Copyright ...

CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory Information Title: Internet Explorer Zone Elevation Restrictions...

Information disclosure

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...

CVE-2008-1448

Technical details for CVE-2008-1448 are not provided in the connected documents. Public details are limited to related CVEs; monitor for updates.

CVE-2008-2927

Multiple integer overflows in the msnslplinkprocessmsg functions in the MSN protocol handler in 1 libpurple/protocols/msn/slplink.c and 2 libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message wi...

openSUSE 10 Security Update : epiphany (epiphany-4870)

This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...

Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability

Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol RTSP is a protocol that is used by streaming media systems. Appl...

Mozilla Firefox, SeaMonkey: Multiple vulnerabilities

Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types CVE-2007-5947...

CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting XSS attacks via a jar: URI, a different...

CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting XSS attacks via a jar: URI, a different...

CVE-2007-6589

CVE-2007-6589 affects Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7. The jar protocol handler fails to update the origin when an inner URL parameter yields an HTTP redirect, enabling remote XSS via a jar: URI. No exploitation details are provided in the documents. Remediation: upgrad...

Microsoft Outlook Express MHTML URL解析信息泄露漏洞（MS07-034）

BUGTRAQ ID: 24392 CVECAN ID: CVE-2007-2225 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 Windows的MHTML协议处理器在返回MHTML内容时没有正确的解释HTTP头，这可能允许Internet Explorer绕过域限制。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看网页，该漏洞可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsoft Outlook Express 6.0...

CVE-2007-6409

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service resource consumption via unspecified network traffic...

Design/Logic Flaw

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service resource consumption via unspecified network traffic...

CVE-2007-6409

The CVE-2007-6409 entry concerns the gg protocol handler in Gadu-Gadu. When installed but not running, it does not properly handle the skin attribute, allowing remote attackers to cause a denial of service through unspecified network traffic, resulting in resource consumption. The vulnerability a...

CVE-2007-6409

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service resource consumption via unspecified network traffic...