68 matches found
CVE-2006-3605
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service crash by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference...
CVE-2006-3512
Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service crash by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference...
CVE-2006-3512
CVE-2006-3512 affects Internet Explorer 6 on Windows XP. The vulnerability arises when the Enabled property of a DXTFilter ActiveX object is set to true, leading to a null dereference and a remote denial of service. The issue is documented in multiple sources (e.g., NVD) with a CVSS base score of...
CVE-2006-3427
CVE-2006-3427 affects Microsoft Internet Explorer 6. The issue arises when declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, causing a null dereference and a denial of service (crash). Documents do not provide patch/version details or ...
CVE-2006-3354
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service crash by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference...
CVE-2006-3014
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...
CVE-2006-3014
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...
CVE-2006-3014
CVE-2006-3014 affects Microsoft Excel where embedding a Shockwave Flash Player ActiveX Object inside an XLS can automatically execute, enabling user-assisted arbitrary JavaScript execution and redirection when the spreadsheet is opened. According to SUSE and CPAI advisories, the issue originates ...
The use of xml+xsl to the client to add the super admin account!- Vulnerability warning-the black bar safety net
Usage: put swords. xml and swords. xsl is placed in an ordinary space, I believe very few people will pay attention to the xml security bar, quack, as long as you want to run the program added to run , the default support for js and vbs. This app was a user of swords, the password for the est of...
CVE-2005-2844
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object...
CVE-2005-2844
The CVE-2005-2844 issue affects Indiatimes Messenger 6.0: a buffer overflow in MMClient.exe’s RenameGroup function via a long group name argument of the MMClient.MunduMessenger.1 ActiveX object can cause denial of service and may allow arbitrary code execution. Documents confirm the vulnerable co...
CVE-2004-1908
McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters...
Microsoft Internet Explorer - Remote Wscript.Shell
Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...
Microsoft Internet Explorer - Remote Wscript.Shell
----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-1000;dialogLeft:-1000;dialogHeight:1;dialogWidth:1;". location="vbscript:""";...
CVE-2003-0838
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as...
Microsoft Internet Explorer 56 - GetObject File Disclosure
Microsoft Internet Explorer 56 - GetObject File Disclosure source: https://www.securityfocus.com/bid/3767/info A flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script...
Microsoft Internet Explorer 5/6 - GetObject File Disclosure
source: https://www.securityfocus.com/bid/3767/info A flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script. The problem occurs when the 'GetObject' JScript function is...
CVE-1999-1453
The CVE-1999-1453 issue concerns Internet Explorer 4 where a remote attacker can read the contents of a user’s clipboard through the Internet WebBrowser ActiveX object. The description indicates an impact on clipboard confidentiality via a WebBrowser ActiveX component, triggered by visiting a mal...
CVE-1999-1110
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client...
CVE-2001-0149
CVE-2001-0149 affects Windows Scripting Host in Internet Explorer 5.5 and earlier. The vulnerability allows remote attackers to read arbitrary files through the GetObject JavaScript function and the htmlfile ActiveX object. Affected product: Internet Explorer on Windows (older IE versions). Root ...