9806 matches found
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets XSL that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host WSH...
Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting
source: https://www.securityfocus.com/bid/2633/info A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML...
Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
Overview Internet Explorer may disclose files on your computer if you visit a malicious web site or read a mail message with Active Scripting enabled. Description By design, Microsoft Internet Explorer prevents programs on web sites from reading files on your computer without authorization...
Microsoft Windows Media Player 7.0 - .asx Remote Buffer Overflow
Microsoft Windows Media Player 7.0 - .asx Remote Buffer Overflow source: https://www.securityfocus.com/bid/1980/info Windows Media Player is an application used for digital audio, and video content viewing. An unsafe buffer copy involving remotely-obtained data exists in the Active Stream...
Microsoft Indexing Service (Windows 2000/NT 4.0) - '.htw' Cross-Site Scripting
source: https://www.securityfocus.com/bid/1861/info A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly opened a hostile link through a browser or HTML compliant e-mail client,...
MS IE5 + ftp proxy
Problem: IE5 doesn't use proxy for FTP connection if option "Enable folder view for FTP sites" is checked. This option is checked by default. Configuration: tested in 2 configurations: 1. Windows NT 4.0 wrkst + SP5 + IE5.0 2. Windows NT 4.0 wrkst + SP6a + IE5.01 both has a problems. There is no...
DoS против IE/Outlook через Microsoft Media Player
Некорректный OCX-Active X приводит к закрытию почтового клиента с ошибкой...
HHControl Object (showHelp) may execute shortcuts embedded in help files
Overview The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file CHM to be stored "locally." Microsoft has released a security bulletin and a patch for this vulnerability, but the patch does not...
CVE-2000-0311
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability...
CVE-2000-0311
Technical details for CVE-2000-0311 are not publicly available in the provided documents. Monitor for updates.
Microsoft Windows SMB Service Enumeration
This plugin implements the SvcOpenSCManager and SvcEnumServices calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host. C Tenable Network Security, Inc. include"compat.inc";...
Security Bulletin (MS00-042)
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Patch Available for "Active Setup Download" Vulnerability Originally Posted: June 29,...
Заткнута дырка в IE (CAB AtciveX)
Элемент управления Active X позволял загрузить CAB-файлы подписанные Microsoft в любое место на диске без запроса пользователя, что позволяло испортить имеющиеся системные файлы...
CVE-2000-0400
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post...
CVE-2000-0400
The CVE-2000-0400 entry refers to the Microsoft Active Movie ActiveX Control in Internet Explorer 5, where the issue stems from shared code handling the Internet cache and file downloads (not the Active Movie control itself). Affected component is msdxm.ocx (ClassID {05589FA1-C356-11CE-BF01-00AA0...
CVE-2000-0329
The CVE concerns a Microsoft ActiveX control vulnerability in the Active Setup Control that allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML email. Affected component is an ActiveX control; impact is remote code execution with partia...
CVE-2000-0400
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post...
Microsoft Active Movie Control 1.0 - Filetype
Microsoft Active Movie Control 1.0 - Filetype source: https://www.securityfocus.com/bid/1221/info The Microsoft Active Movie Control a multimedia ActiveX control will download files of any type specified in the control parameters in an HTML document, regardless of whether or not they are a valid...
Microsoft Active Movie Control 1.0 - Filetype
source: https://www.securityfocus.com/bid/1221/info The Microsoft Active Movie Control a multimedia ActiveX control will download files of any type specified in the control parameters in an HTML document, regardless of whether or not they are a valid media type. A hostile website, HTML email or...
Проблемы с длинным расширением в Windows 98
В режиме Active Desktop в Windows 98 имеется переполнение буфера в explorer при длинном расширении файла...