Microsoft DXImageTransform Light filter fails to validate input

Overview The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

Multiple Microsoft Internet Explorer security vulnerabilities

Jump to ininitialized function pointer by referencing unspupported object's method createTextRange for checkbox. Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corrution. COM...

Cross site scripting

Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...

CVE-2006-2303

Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...

PT-2006-2941 · Joomla +1 · Joomla! +1

Name of the Vulnerable Software and Affected Versions: Mambo affected versions not specified Joomla! affected versions not specified Description: The issue allows remote attackers to cause a denial of service, potentially leading to disk consumption and web-server outage, by making multiple...

CVE-2006-0012

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."...

Microsoft Windows shell code execution

COM object can execute code. Can be used for hidden malware installation with Internet Explorer...

CVE-2006-0012

CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...

Microsoft Windows Shell COM Object Remote Code Execution Vulnerability

Description Microsoft Windows Shell is prone to a remote code-execution vulnerability. This issue is due to a flaw in its handling of remote COM objects. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the targeted user. This may facilitate the remote...

Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue results from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...

Microsoft Windows fails to properly handle COM objects

Overview Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components...

MS06-015: Vulnerabilities in Windows Explorer Could Allow Remote Code Execution (908531)

The remote version of Windows contains a version of the Windows Explorer that has a vulnerability in the way it handles COM objects. An attacker could exploit this vulnerability by asking a victim to visit a rogue website containing a malformed COM object. Tenable Network Security, Inc...

DbbS<=2.0-alpha SQL injection

author: DaBDouB-MoSiKaR Moroccan Security Team site: http://www.dbbs.sup.fr/ greetz to : Moroccan Security Team CiM-TeaM and All Freinds exemple: http://target/topics.php?fid=3&limite=sql inbox:DaBDouB-MoSiKaRatmoroccan-securitydotcom...

CVE-2006-1364

Microsoft w3wp aka w3wp.exe does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service resource consumption or crash by repeatedly requesting each of several documents that refer to COM...

w3wp-dos.txt

--0-1633069887-1142992701=:20251 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sorry, if you are receiving multiple copies of it. Just resending as the one that I sent last night has not yet appeared. w3wp remote DoS due to improper reference of STA COM components i...

w3wp remote DoS due to improper reference of STA COM components in ASP.NET

Often developers forget to use the “AspCompat” directive which is required while referencing COM components in ASP.NET. Missing AspCompat directive causes general instability and poor performance of the web application, just a simple increase of load on a web server may cause it to crash. After...

ASP.NET w3wp (COM Components) Remote Crash Exploit

Exploit for unknown platform in category dos / poc ================================================== ASP.NET w3wp COM Components Remote Crash Exploit ================================================== // w3wp-dos.c // include "stdafx.h" pragma comment lib,"ws232" include include include include...

Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...