248 matches found
CVE-2007-2227
CVE-2007-2227 describes information disclosure in the MHTML protocol handler used by Outlook Express 6 and Windows Mail, which processes MHTML contents via Internet Explorer and ignores the Content-Disposition header. The vulnerability enables an attacker to obtain sensitive data from other IE do...
Information disclosure
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain...
CVE-2007-2225
CVE-2007-2225 involves a cross-domain information disclosure in the MHTML URI handler used by Outlook Express 6 and Windows Mail (on Windows Vista). The vulnerability arises when the MHTML protocol handler processes HTTP headers, causing IE to bypass domain restrictions and potentially disclose d...
IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net
This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the IE security problems, in the service end through the mhtml redirection...
Microsoft Internet Explorer畸形MHTML标记拒绝服务漏洞
Internet Explorer是微软发布的非常流行的WEB浏览器。 IE在解析包含畸形标记内容的MHTML文档时存在拒绝服务漏洞,远程攻击者可能利用此漏洞导致用户的IE浏览器崩溃。 Microsoft Internet Explorer 7.0 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding:...
Microsoft Internet Explorer 7 - MHTML Denial of Service
Microsoft Internet Explorer 7 - MHTML Denial of Service source: https://www.securityfocus.com/bid/20875/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to parse certain malformed HTML content. Successfully exploitin...
Microsoft Internet Explorer 7 - MHTML Denial of Service
source: https://www.securityfocus.com/bid/20875/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to parse certain malformed HTML content. Successfully exploiting this issue will cause the affected application to cras...
Microsoft Internet Explorer MHTML URI处理器信息泄露漏洞
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer在处理有“mhtml:”URI处理器的URL的重新定向时存在漏洞,可能允许用户访问其他WEB站点所服务的文档。 Microsoft Internet Explorer 6 for Windows XP SP2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp...
Microsoft Windows MHTML超长URI串溢出漏洞(MS06-043)
Microsoft Windows是微软发布的非常流行的操作系统。 inetcomm.dll在使用"mhtml:" URI解析器处理URL时存在栈溢出漏洞,成功利用此漏洞的攻击者可以完全控制受影响的系统。 攻击者可以通过超长的URL来触发这个漏洞,如诱骗用户通过Internet Explorer打开恶意的站点或打开特制的Internet快捷方式。 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 x64 Edition Microsoft...
Internet Explorer 7 “mhtml:”重新定向信息泄露漏洞
Internet Explorer 7是微软最新发布的WEB浏览器。 IE 7在处理 “mhtml:” 格式的URI重新定向时存在漏洞,远程攻击者可能利用此漏洞强制用户访问其他站点上的文件。 Microsoft Internet Explorer 7.0 临时解决方法: 禁用活动脚本。 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp...
Internet Explorer 7 “mhtml:”重新定向信息泄露漏洞
Internet Explorer 7是微软最新发布的WEB浏览器。 IE 7在处理 “mhtml:” 格式的URI重新定向时存在漏洞,远程攻击者可能利用此漏洞强制用户访问其他站点上的文件。 Microsoft Internet Explorer 7.0 临时解决方法: 禁用活动脚本。 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp...
Update Protection against Microsoft Windows MHTML Remote Code Execution Vulnerability (MS06-043)
Several Microsoft Windows applications are prone to a buffer overflow vulnerability. Microsoft Internet Explorer, Windows Explorer and Outlook Express 6 fail to properly process overly long MHTML URLs. MHTML is an Internet standard that defines the MIME structure used to send HTML content in e-ma...
IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net
Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the IE...
Microsoft Windows fails to properly parse the MHTML protocol
Overview Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML...
inetconnCrash.txt
DEFAULT BASEURL= InternetShortcut...
Buffer overflow
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service application crash via a long mhtml URI in the URL value in a URL file...
CVE-2006-2766
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service application crash via a long mhtml URI in the URL value in a URL file...
CVE-2006-2766
CVE-2006-2766 describes a Buffer Overflow in MHTML parsing within Windows components that impacts Microsoft Internet Explorer 6 (up to SP2), Windows Explorer, and Outlook Express 6. The vulnerability is triggered by processing a long MHTML URI value in a URL file, allowing remote user-assisted at...
Microsoft Windows MHTML URI Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote buffer-overflow vulnerability in 'INETCOMM.DLL'. The library fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this issue to execute arbitrary machin...
Microsoft Windows XP20002003 - MHTML URI Buffer Overflow (PoC)
Microsoft Windows XP20002003 - MHTML URI Buffer Overflow PoC source: https://www.securityfocus.com/bid/18198/info DEFAULT BASEURL= InternetShortcut...