Microsoft Office: Bind to object

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officebindtoobject.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Bind to object Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

Microsoft Office: Disable user name and password

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officedisableusernamepasswd.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Disable user name and password Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This progr...

Microsoft Office: Object Caching Protection

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officeobjectcachingprotection.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Object Caching Protection Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...

MS14-056: Cumulative Security Update for Internet Explorer (2987107)

The remote host is missing Internet Explorer IE Security Update 2987107. The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to...

Microsoft Re-Releases Broken Security Patch MS14-045

Microsoft today re-released security bulletin MS14-045, which was pulled shortly after the August Patch Tuesday updates because a number of users reported crashes and blue screens. The patch was removed from Windows Update on Aug. 15, three days after it was released as part of Microsoft’s monthl...

H. Nomura Tiny FTPDaemon 0.52 Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/961/info Tiny FTPd is a freeware FTP server for Win9x with a Japanese interface. Version .52 and possible previous versions have unchecked buffers in the code that handles the following commands: APPE, MKD, RMD, RNFR, RNT...

Microsoft XML Core Services信息泄露漏洞(CVE-2014-0266)(MS14-005)

BUGTRAQ ID: 65407 CVECAN ID: CVE-2014-0266 Microsoft XML Core Services MSXML提供了一组服务，使用户可以使用JScript、VBScript和其它微软的开发工具开发基于XML的本机应用程序。 Microsoft XML Core Services在实现上存在安全漏洞，可使攻击者读取用户本地文件系统上的文件或者经过身份验证的Web域内容。当用户查看特制的Web内容时会通过IE触发MSXML，此时攻击者即可以利用此漏洞。 0 Microsoft Windows Windows Server 2012 Microsoft...

MS12-077: Cumulative Security Update for Internet Explorer (2761465)

The remote host is missing Internet Explorer IE Security Update 2761465. The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid63224;...

MS11-050: Cumulative Security Update for Internet Explorer (2530548)

The remote host is missing Internet Explorer IE Security Update 2497640. The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55130...

Firefox Gets Browser Boost From IE Attacks

Mozilla yesterday reported a “huge increase” in downloads of Firefox in Germany after that country’s computer security agency urged users of Microsoft’s Internet Explorer to dump the browser and run a rival instead. Read the full article. Computerworld...

IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net

Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the IE...

"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more... Amit Klein, September 2005 Preface ======= This paper is released in a bit of haste, and as such, it may be somewhat incomplete. The reason is that I was toying with the concepts and techniques outlined in it for th...

IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net

Article author: yunshuAtph4nt0m.org Information source: http://www.ph4nt0m.org This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the I...

XML Core Services patch (Q318203)

XMLHTTP Control Can Allow Access to Local Files. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IE 5.x-6.0 allows executing arbitrary programs using showHelp()

IE 5.x-6.0 allows executing arbitrary programs using showHelp =============================================================== Title: IE 5.x-6.0 allows executing arbitrary programs using showHelp Date: Monday, December 29, 2003 Software: IE 5.x, 6.0 Vendor: Microsoft Corp. Patch: N/A Author: Arman...

CVE-2003-0241

The CVE-2003-0241 issue affects FrontRange GoldMine mail agent, specifically versions 5.70 and 6.00 prior to build 30503. The vulnerability arises when HTML is sent to the default browser without labeling the content as untrusted or setting a secure zone, causing IE to render HTML in a less secur...

CVE-2002-0057

The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...

CVE-2002-0057

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source...

IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image

Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...

IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs

Georgi Guninski security advisory 23, 2000 IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs Systems affected: IE 5.5/Outlook/Outlook Express - probably other versions, have not tested Risk: High Date: 5 October 2000 Legal Notice: This...