Microsoft XML Core Services DTD Cross-Domain Scripting (MS08-069; CVE-2008-4029)

MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due t...

Microsoft XML Core Services Nested Tag (MS08-069; CVE-2007-0099)

MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. A remote code execution vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a 1 JPG, 2 PDF, or 3 TXT file. NOTE: the provenance of this information is unknown; the details are...

CVE-2008-4723

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a 1 JPG, 2 PDF, or 3 TXT file. NOTE: the provenance of this information is unknown; the details are...

CVE-2008-4724

Removed by vendor...

CVE-2008-3476

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."...

CVE-2008-3474

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information...

CVE-2008-3472

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTM...

CVE-2008-3474

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information...

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been 1 incorrectly initialized or 2 deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...

CVE-2008-3476

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."...

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

Internet Explorer Cross-Domain Information Disclosure (MS08-058; CVE-2008-3474)

Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to correctly interpret the origin of scripts. An attacker can trigge...

CVE-2008-4340

Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service memory consumption via an HTML document containing a carriage return "\r\n\r\n" argument to the window.open function...

CVE-2008-4340

Removed by vendor...

RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...

Sony ImageStation AxRUploadServer.AxRUploadControl ActiveX (AxRUploadServer.dll) SetLogging Method Overflow

The remote host contains the AxRUploadServer.AxRUploadControl.1 ActiveX control, which was used to upload photos to Sony's ImageStation photo sharing and printing service. The version of this control installed on the remote host reportedly contains a buffer overflow when handling a long argument ...

Code injection

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...

CVE-2008-2463

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...

Microsoft Internet Explorer fails to properly restrict access to frames

Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...