293 matches found
[Full-disclosure] SEC-CONSULT SA-20050629-0
SEC-CONSULT Security Advisory 20050629-0 ================================================================================== title: IE6 javaprxy.dll COM instantiation heap corruption vulnerability program: Internet Explorer vulnerable version: 6.0.2900.2180 homepage: www.microsoft.com found:...
CVE-2005-0063
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host MSHTA, as demonstrated using a...
CVE-2005-0063
The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...
CVE-2005-0063
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host MSHTA, as demonstrated using a...
iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability
Microsoft MSHTA Script Execution Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=231&type=vulnerabilities April 12, 2005 I. BACKGROUND Microsoft HTML Application Host MSHTA is part of the Microsoft Windows operating system and is needed to execute .HT...
Microsoft Windows MSHTA code execution
Content type of the file is determined based on CLSID in file content, not by it's extention...
CVE-2001-0643
Affected software: Internet Explorer 5.5. Issue: CLSID not displayed when it appears at the end of a file name, enabling spoofing of file type and potentially deceiving users into executing a dangerous program. Impact: user may run unintended or unsafe code due to misleading file type indication....
Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications
Overview Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. An remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Description Microsoft...
CVE-2004-2083
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."...
CVE-2002-1984
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service crash via an OBJECT tag that contains a crafted CLASSID CLSID value of "CLSID:00022613-0000-0000-C000-000000000046"...
Microsoft Internet Explorer 5.5 - CLSID File Execution
source: https://www.securityfocus.com/bid/2612/info The default operation performed to open a filetype is determining by referencing the filetype's CLSID. Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possible to specify a different default action for a given fi...
Microsoft Internet Explorer 5.5 - CLSID File Execution
Microsoft Internet Explorer 5.5 - CLSID File Execution source: https://www.securityfocus.com/bid/2612/info The default operation performed to open a filetype is determining by referencing the filetype's CLSID. Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possib...
clsidext.txt
[email protected] Georgi Guninski security advisory 42, 2001 Double clicking on innocent looking files may be dangerous Systems affected: Windows Explorer, Internet Explorer - Windows 98, 2000 - when browsing directories or shares Risk: High Date: 16 April 2001 Legal Notice: This Advisory is...