25 matches found
VBScript - MSXML Execution Policy Bypass
According to https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/, Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the...
CVE-2017-0241
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of...
Privilege escalation
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of...
CVE-2016-3353
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."...
PT-2016-2744 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 9 through 11 Description: The issue is related to how Internet Explorer handles files with the .url extension from the Internet zone, allowing a remote attacker to bypass access restrictions using a specially crafte...
Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is...
Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0298)
BUGTRAQ ID: 66025 CVECAN ID: CVE-2014-0298 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 没有正确访问内存对象,在实现上存在远程代码执行漏洞,成功利用后可破坏内存,在当前用户权限下执行任意代码。 0 Microsoft Internet Explorer 6-11 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 设置互联网和内联网安全区域设置为“高” 配置IE在运行活动脚本之前提示或直接禁用。 应用Microsoft Fix...
Microsoft Internet Explorer 中心元素远程代码执行漏洞 (MS12-037)
CVE ID: CVE-2012-1523 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 访问已经删除的对象时存在远程代码执行漏洞。攻击者可利用当前用户权限执行任意代码以破坏内存。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法:...
Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
This vulnerability allows remote attackers to leak authentication details on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of NTLM...
Trusted Sites Zone (Whitelisting)
Keep in mind that when the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings. This is where the Trusted sites zone can help. If you trust that the site will not contain malicious content, you can add it t...
C6 Messenger - ActiveX Remote Download and Execute
!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ "C6 Messenger is an instant messaging program produced by Telecom Italia Group, specifically by Alice distribution, Icon Spa...
Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF
No description provided by source. !-- 18.48 01/09/2007 Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager sqldmo.dll remote buffer overflow poc file version: 2000.085.2004.00 product version: 8.05.2004 passing some fuzzy chars to Start method: EAX 00000000 ECX...
mssql-overflow.txt
object classid='clsid:10020200-E260-11CF-AE68-00AA004A34D5' id='...
Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc
!-- 18.48 01/09/2007 Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager sqldmo.dll remote buffer overflow poc file version: 2000.085.2004.00 product version: 8.05.2004 passing some fuzzy chars to Start method: EAX 00000000 ECX 00620062 EDX 00620062 EBX 1C3A3638...
Microsoft Visual Studio WMI Object Broker ActiveX code execution
Object can be used to bypass internet zone restrictions...
CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker WMIScriptUtils.WMIObjectBroker2 ActiveX control WmiScriptUtils.dll in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Objec...
CVE-2006-4704
CVE-2006-4704 is a cross-zone scripting vulnerability in the WMIScriptUtils.WMIObjectBroker2 ActiveX control (WmiScriptUtils.dll) shipped with Visual Studio 2005. The flaw allows a remote attacker to bypass Internet Explorer zone restrictions and execute arbitrary code by instantiating dangerous ...
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-270A Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability Original release date: September 27, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows...
Microsoft Windows WebViewFolderIcon ActiveX integer overflow
Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...
IBM Access Support eGatherer ActiveX control buffer overflow
Overview The IBM Access Support eGatherer ActiveX control contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support eGatherer ActiveX control has the ability to collect system...