122 matches found
CVE-2009-2841
Removed by vendor...
Design/Logic Flaw
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."...
Fedora Core 11 FEDORA-2009-8800 (qt)
The remote host is missing an update to qt announced via advisory FEDORA-2009-8800. OpenVAS Vulnerability Test $Id: fcore20098800.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8800 (qt). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...
CVE-2009-2419
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the...
CVE-2009-2419
CVE-2009-2419 is a use-after-free vulnerability in WebKit’s servePendingRequests within Apple Safari 4.0 and 4.0.1. The issue can let remote attackers crash the browser or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload ...
Design/Logic Flaw
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...
CVE-2008-4259
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory...
Memory corruption
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of...
Memory corruption
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted...
Memory corruption
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document...
CVE-2008-4231
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document...
CVE-2008-3475
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...
CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...
VMware Workstation ActiveX Control vielib.dll Command Execution (CVE-2007-4058)
VMware Workstation is a virtualization technology that allows running multiple instances of virtual computers simultaneously with the hosting operating system. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious web page...
Second Sight Software ActiveGS ActiveX control stack buffer overflows
Overview: The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...
CVE-2006-6603
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information...
CVE-2006-3893
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document...
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
National Cyber Alert System Technical Cyber Security Alert TA06-270A: Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability. Original release date: September 27, 2006. Last revised: --. Source: US-CERT. Systems Affected: Microsoft Windows...