15 matches found
Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF
No description provided by source. !--------------------------------------------------------------------------- | Exploit: Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF | | Author: b33f - http://www.fuzzysecurity.com/ | | OS: Tested on XP PRO SP3 | | Browser: IE 4.01, IE 5.01, I...
Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF
Exploit for windows platform in category remote exploits //Messagebox jsle var MessageBox = unescape '%ue9be%uac66%udb2b%ud9c2%u2474%u58f4%uc931%u3fb1%uc083%u3104%u1070%u7003%u0b10'+ '%u7593%u50c0%uf285%u9233%u2907%u2d89%u0459%u5a8a%ua6e8%u2ad8%u4c07%ucea8%u149c'+...
Aladdin Knowledge System Ltd - 'PrivAgent.ocx' ChooseFilePath Buffer Overflow
//Messagebox jsle var MessageBox = unescape '%ue9be%uac66%udb2b%ud9c2%u2474%u58f4%uc931%u3fb1%uc083%u3104%u1070%u7003%u0b10'+ '%u7593%u50c0%uf285%u9233%u2907%u2d89%u0459%u5a8a%ua6e8%u2ad8%u4c07%ucea8%u149c'+ '%u655d%ub8dc%u4fd6%uf619%udaf0%u51aa%uf500%u83b2%u7e62%u6020%u0b47%u54fc%u5f0c'+...
Internet Explorer embed tag src extension buffer overflow
Added: 12/11/2008 CVE: CVE-2008-4261 BID: 32595 OSVDB: 50610 Background The HTML embed tag allows developers to embed plug-ins in web pages. Problem A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...
Memory corruption
The HxTocCtrl ActiveX control hxvz.dll, as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption...
Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620)
Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer 910620 Published: February 14, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx Heartbeat ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter...
CVE-2002-0024
CVE-2002-0024 affects Internet Explorer 5.01, 5.5 and 6.0. The issue allows an attacker to abuse Content-Disposition and Content-Type HTML headers to alter how a downloaded file’s name is displayed, potentially deceiving users into opening unsafe files. Exploitation details are not provided in th...
CVE-2002-0077
CVE-2002-0077 affects Microsoft Internet Explorer 5.01, 5.5 and 6.0. The vulnerability arises when objects invoked on HTML pages use CODEBASE/local object handling, causing the Local Computer zone to potentially execute local executables via certain objects (e.g., popup). This could allow remote ...
CVE-2001-0664
Summary (CVE-2001-0664 / CVE-2001-0724): Internet Explorer 5.01 and 5.5 are vulnerable to a zone-spoofing flaw where dotless IP addresses in URLs cause the page to be treated as Intranet Zone, bypassing some security restrictions. This can enable execution of scripts/ActiveX that would otherwise ...
CVE-2000-0503
The CVE-2000-0503 entry concerns the IFRAME within the WebBrowser control of Internet Explorer 5.01. The issue allows a remote attacker to violate the cross-frame security policy via the NavigateComplete2 event. The description and connected records indicate the vulnerability is tied to the WebBr...
CVE-2000-0266
The CVE-2000-0266 entry describes a vulnerability in Internet Explorer 5.01 where a malicious applet can bypass the cross-frame security policy by interacting with the Java JSObject to modify DOM properties, allowing an IFRAME to load an arbitrary JavaScript URL. This reveals a client-side cross-...
CVE-2000-0266
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...
CVE-2000-0105
The CVE concerns Outlook Express 5.01 and Internet Explorer 5.01. A remote attacker can view a user’s email messages through a script that accesses a variable referencing subsequent messages read by the client. The explicit root cause is a scripting reference that exposes subsequent messages to a...
CVE-1999-0981
CVE-1999-0981 affects Internet Explorer 5.01 and earlier. A remote attacker can create a reference to a client window and use a server-side redirect to access local files via that window (Server-side Page Reference Redirect). Documents confirm the vulnerability description; no exploitation detail...