68 matches found
Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption (MS07-045; CVE-2007-3041)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer IE ActiveX control pdwizard.ocx. ActiveX controls are reusable software components based on Microsoft Component Object Model COM. To trigger the vulnerability, an attacker can create a malicious web page that...
Memory corruption
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."...
Microsoft Internet Explorer substringData Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData method available ...
CVE-2007-3282
Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method...
Buffer overflow
Multiple buffer overflows in the 1 ActiveListen Xlisten.dll and 2 ActiveVoice Xvoice.dll speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the...
CVE-2007-2222
Multiple buffer overflows in the 1 ActiveListen Xlisten.dll and 2 ActiveVoice Xvoice.dll speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the...
CVE-2007-2222
Multiple buffer overflows in the 1 ActiveListen Xlisten.dll and 2 ActiveVoice Xvoice.dll speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the...
Microsoft Windows XMLHTTP proxy problem
Because of insufficient request validation Msxml2.XMLHTTP ActiveX object can be used to proxy HTTML request via client browser...
Design/Logic Flaw
DivXBrowserPlugin aka DivX Web Player npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service Internet Explorer 7 crash by invoking the GoWindowed method for a certain instance of the ActiveX object...
CVE-2007-0429
Affected software: DivX Player 6.4.1 includes DivXBrowserPlugin (npdivx32.dll) used as an ActiveX control in Internet Explorer. Vulnerability: invoking the GoWindowed method on a certain ActiveX instance can trigger a denial-of-service condition, leading to IE7 crash. Root cause: improper handlin...
CVE-2006-5448
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System DRM allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer...
CVE-2006-4219
The Terminal Services COM object tsuserex.dll allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN...
CVE-2006-3910
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service crash by calling the NewDefaultItem function of an OVCtl OVCtl.OVCtl.1 ActiveX object, which triggers a null dereference...
CVE-2006-3897
CVE-2006-3897 describes a stack overflow in Microsoft Internet Explorer 6 on Windows 2000 caused by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with an overly long dispValue property. This leads to a remote-denial-of-service condition (application crash). Connected documents confi...
CVE-2006-3898
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service application crash by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference...
CVE-2006-3897
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service application crash by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property...
CVE-2006-3899
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service application crash by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen...
CVE-2006-3657
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service stack overflow exception via a DXImageTransform.Microsoft.Gradient ActiveX object with a long 1 StartColorStr or 2 EndColorStr property...
CVE-2006-3659
Microsoft Internet Explorer 6 is affected by CVE-2006-3659. The vulnerability enables remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. The public description across sources consistently states this is a crash/DoS vector i...
CVE-2006-3657
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service stack overflow exception via a DXImageTransform.Microsoft.Gradient ActiveX object with a long 1 StartColorStr or 2 EndColorStr property...