CVE-2014-1807

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local...

CVE-2014-1807

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local...

VulnCheck KEV: CVE-2014-1807

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows...

Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability

Insomnia Security Vulnerability Advisory: ISVA-100216.1 Name: Windows URL Handling Vulnerability Released: 16 February 2010 Vendor Link: http://www.microsoft.com/ Affected Products: Windows 2000, Windows XP, Windows 2003, Windows Vista Original Advisory:...

Input validation

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a...

CVE-2010-0027

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a...

CVE-2010-0027

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a...

CVE-2010-0027

CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...

PT-2010-1852 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 8 Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Description: A remote code execution issue exists due to improper input validation in the URL...

Microsoft Internet Explorer 8 - URI Validation Remote Code Execution

source: https://www.securityfocus.com/bid/37884/info Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application an...

CVE-2006-3697

Agnitum Outpost Firewall Pro 3.51.759.6511 462, as used in 1 Lavasoft Personal Firewall 1.0.543.5722 433 and 2 Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain...

CVE-2005-1045

OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark...

CVE-2005-1045

OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark...

OpenText FirstClass 8.0 Client Arbitrary File Execution

Product: OpenText FirstClass 8.0 Client Homepage: http://www.firstclass.com Platform: Microsoft Windows Description: Insufficient validation of user input allows arbitrary file execution FirstClass bookmark files allow the user to organise their web address's using the familiar FirstClass desktop...

CVE-2003-0503

The CVE-2003-0503 entry applies to Windows 2000 before SP4, where a buffer overflow in ShellExecute (SHELL32.DLL) can be triggered by a long third argument. This could lead to denial of service or arbitrary code execution. The available documents specify the affected component and the root cause ...

CVE-2003-0503

Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument...

[SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow

---------------------------------------------------------------------- SNS Advisory No.65 Windows 2000 ShellExecute API Let Applications to Cause Buffer Overflow Problem first discovered: Thu, 5 Dec 2002 Published: Thu, 03 Jul 2003 Reference:...