25 matches found
EUVD-2025-14423
Malicious code in bioql PyPI...
CVE-2025-29842
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-29842
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-29842
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-29842
Technical details (affected product, root cause, impact, fixes) for CVE-2025-29842 are not provided in the supplied connected documents. Monitor for updates from official advisories.
CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability
...
CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability
...
UrlMon Security Feature Bypass Vulnerability
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
Microsoft UrlMon 安全漏洞
Microsoft UrlMon is a component of the Windows operating system from Microsoft USA that is primarily used to handle URL-related tasks. A security vulnerability exists in Microsoft UrlMon. An attacker exploiting this vulnerability could bypass certain functionality. The following products and...
PT-2025-20957 · Microsoft · Urlmon +1
Name of the Vulnerable Software and Affected Versions: UrlMon affected versions not specified Description: The issue allows an unauthorized attacker to bypass a security feature over a network by accepting extraneous untrusted data with trusted data in UrlMon. This enables attackers to affect the...
CVE-2023-48861
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll...
PT-2023-30456 · Microsoft +1 · Urlmon.Dll +1
Name of the Vulnerable Software and Affected Versions: NetEase CloudMusic version 2.10.4 Description: An Untrusted search path issue allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. Recommendations: For NetEase CloudMusic version 2.10.4...
CVE-2020-24567
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuratio...
CVE-2019-0995
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'...
New SMB Flaw Affects All Versions of Windows
There is a serious vulnerability in all supported versions of Windows that can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP request...
Microsoft IE URLMON嗅探跨域信息泄露漏洞
BUGTRAQ ID: 38056 CVE ID: CVE-2010-0255 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 在加载本地文件时Internet Explorer的HTML渲染引擎仅检查其MIME类型来判断是否匹配为可处理的文件。对于由于重新定向引用而处理为HTML的未知类型,如果内容源没有明确地设置类型,就会默认将其类型确定为text/html;对于没有明确设置内容类型的非html文件,URLMON会根据重新定向所示默认处理为 text/html类型。因此,Internet...
Design/Logic Flaw
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content...
CVE-2010-0555
CVE-2010-0555 affects Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8. The root cause is URLMON sniffing that allows rendering of non-HTML local files as HTML documents after a redirect, bypassing access restrictions and enabling read of arbitrary files. The description identifies this a...
Microsoft Internet Explorer information leak
It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag...
Core Security Technologies Advisory 2009.0625
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...