48 matches found
CVE-2008-2254
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service crash and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."...
Microsoft IE HTML对象substringData()堆溢出漏洞(MS08-031)
BUGTRAQ ID: 29556 CVECAN ID: CVE-2008-1442 Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer显示包含对HTML对象的某些异常方法调用的网页的方式中存在堆溢出漏洞,如果DOM对象以可控的方式调用了substringData的话,就可以触发这个漏洞。攻击者可以通过构建特制的网页来利用该漏洞。当用户查看网页时,该漏洞可能允许远程执行指令。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 Microsoft Internet...
MS Internet Explorer COM Objects File Download Exploit (MS05-038)
Exploit for unknown platform in category remote exploits ================================================================= MS Internet Explorer COM Objects File Download Exploit MS05-038 =================================================================...
Re: BAD NEWS: Microsoft Security Bulletin MS03-032
The patch for Drew's object data=funky.hta doesn't work: This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which explains the problem in detail. Microsoft again patches the object element in HTML, but it doesn't patch the dynamic version of that same element. 1. Disable Active...
CVE-2002-0191
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability...
Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
source: https://www.securityfocus.com/bid/5196/info Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This...
Microsoft Internet Explorer 56 - Self-Referential Object Denial of Service
Microsoft Internet Explorer 56 - Self-Referential Object Denial of Service source: https://www.securityfocus.com/bid/4564/info Microsoft Internet Explorer is vulnerable to a denial of service due to an error in handling certain self-referential definitions in HTML documents. This occurs when an...
CVE-2000-0596
Summary: The CVE-2000-0596 issue involves Internet Explorer (IE 5.x/IE 5.01) opening Microsoft Access database/project files via HTML OBJECT tags without warning, enabling remote code execution via embedded VBA/macro. Affected components: IE’s handling of OBJECT tags referencing Access file types...