15 matches found
EUVD-2002-0077
Malware in sbrugna...
Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler doe...
Internet Explorer 5/6 file:// Request Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the...
Yahoo Messanger crossaplication scripting
Chat sign in / sign out messages are shown with Internet Explorer allowing scripting in local computer zone...
CVE-2002-0615
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...
Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...
Microsoft Internet Explorer 56 - file: Request Zone Bypass
Microsoft Internet Explorer 56 - file: Request Zone Bypass source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained i...
CVE-2002-0615
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...
CVE-2002-0189
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability...
Security Bulletin MS02-015
---------------------------------------------------------------------- Title: 28 March 2002 Cumulative Patch for Internet Explorer Date: 28 March 2002 Software: Internet Explorer Impact: Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone. Max Risk:...
CVE-2001-0243
CVE-2001-0243 affects Windows Media Player 6.4/7: Internet shortcuts created in the user’s Temporary Files folder with a fixed name cause HTML to render in the Local Computer Zone rather than Internet Zone, enabling a remote attacker to read local files or execute commands when a user views a mal...
CVE-2001-0243
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers t...
CVE-2001-0243
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers t...
MS Outlook "Cache Bypass" allows attackers to circumvent Internet Zone security policy
Overview Microsoft has recently released Microsoft Security Bulletin MS00-046, in which they announced a patch for the "Cache Bypass" vulnerability. By exploiting this vulnerability, an attacker can use an HTML-formatted message to read certain types of files on the victim's machine. In addition,...
Security Bulletin (MS00-046)
Microsoft Security Bulletin MS00-046 - -------------------------------------- Patch Available for "Cache Bypass" Vulnerability Originally Posted: July 20, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Outlookr and Outlook Express. The...