19 matches found
CVE-2017-0241
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of...
Privilege escalation
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of...
CVE-2017-0241
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of...
CVE-2017-0241
Mode C: CVE-2017-0241 affects Microsoft Edge. The vulnerability is an elevation of privilege when Edge renders a domain-less URL, allowing actions in the Intranet Zone. Affected component: Edge rendering/domain handling; root cause details are not fully enumerated in the provided docs beyond the ...
Microsoft Edge Elevation of Privilege Vulnerability
A vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. To...
Microsoft Internet Explorer 5 Zone Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3420/info Microsoft Internet Explorer contains a security-setting feature that can be modified according to a user's preferences. These settings control what actions a web site can take on a user's system. A vulnerability...
Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0298)
BUGTRAQ ID: 66025 CVECAN ID: CVE-2014-0298 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 没有正确访问内存对象,在实现上存在远程代码执行漏洞,成功利用后可破坏内存,在当前用户权限下执行任意代码。 0 Microsoft Internet Explorer 6-11 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 设置互联网和内联网安全区域设置为“高” 配置IE在运行活动脚本之前提示或直接禁用。 应用Microsoft Fix...
Microsoft Internet Explorer Unsafe Scripting Misconfiguration
This exploit takes advantage of the "Initialize and script ActiveX controls not marked safe for scripting" setting within Internet Explorer. When this option is set, IE allows access to the WScript.Shell ActiveX control, which allows javascript to interact with the file system and run commands...
Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution
Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...
Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution
Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...
CVE-2008-3010
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...
Microsoft Windows crossite MMC access
Script from Internet/Intranet zone site can access any Microsoft Management Console's object...
CVE-1999-1087
CVE-1999-1087 affects Internet Explorer 4 where a 32-bit number in a URL (a “dotless IP address”) is treated as the hostname rather than as an IP address. This causes the web page to inherit Local Intranet Zone settings, enabling remote malicious servers to perform unauthorized activities using U...
Проблемы с "бесточечными" адресами в Internet Explorer (protection bypass)
Бесточечные адреса в Internet Explorer считаются относящимися к Intranet-зоне...
Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing ------ Risk: POTENTIALLY HIGH. Potentially allowing any possible action on the client machine, including reading any file, placing Trojan code or altering data. The risk depends on the security settings in the 'Intranet zone'...
Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)
source: https://www.securityfocus.com/bid/3420/info Microsoft Internet Explorer contains a security-setting feature that can be modified according to a user's preferences. These settings control what actions a web site can take on a user's system. A vulnerability exists in Internet Explorer, whic...
Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)
Microsoft Internet Explorer 5 - Zone Spoofing MS01-055 source: https://www.securityfocus.com/bid/3420/info Microsoft Internet Explorer contains a security-setting feature that can be modified according to a user's preferences. These settings control what actions a web site can take on a user's...
CVE-1999-1087
Internet Explorer 4 treats a 32-bit number "dotless IP address" in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that conta...
msie.zone.confusion.txt
Date: Fri, 5 Mar 1999 21:53:18 -0500 From: Jim Paris To: [email protected] Subject: More Internet Explorer zone confusion Even after the patch described in Microsoft Security Bulletin MS98-016 http://www.microsoft.com/security/bulletins/ms98-016.asp, IE4 still has big problems with...