5 matches found
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
This host is missing a critical security update according to Microsoft Bulletin MS09-015. OpenVAS Vulnerability Test $Id: secpodms09-015.nasl 5934 2017-04-11 12:28:28Z antu123 $ Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege 959426 Authors: Nikita MR Updated By:...
MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
A vulnerability in the way the Windows SearchPath function locates and opens files on the remote host could allow an attacker to execute arbitrary remote code if he can trick a user into downloading a specially crafted file into a specific location, such as the Windows Desktop. C Tenable Network...
CVE-2008-2933
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
CVE-2008-2540
CVE-2008-2540 involves Safari on macOS and Safari/IE on Windows where downloading an object with an unrecognized content type can place malware in user directories and, via an untrusted search path, lead to remote code execution on Windows (Carpet Bomb / Blended Threat). Connected docs confirm th...