76 matches found

seebug.org
added 2006/11/07 12:0 a.m. | 19 views

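Microsoft XML Core Services XMLHTTP Control Code Execution Vulnerability

Microsoft XML Core Services (MSXML) allows users of JScript, VBScript and Microsoft Visual Studio 6.0 to build XML applications that interoperate with other applications conforming to the XML 1.0 standard. In the XMLHTTP 4.0 ActiveX control of Microsoft XML Core Services 4.0, the setRequestHeader function does not correctly handle HTTP requests, allowing an attacker to trick a user into visiting a malicious site, resulting in the execution of arbitrary commands. Microsoft XML Core Services 4.0 - Microsoft Windows XP SP2 - Microsoft...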

7 AI score
Exploits: 0

CVE
added 2006/11/06 6:0 p.m. | 64 views

CVE-2006-5745

CVE-2006-5745 describes a memory-corruption vulnerability in the XMLHTTP ActiveX Control (MSXML4) used by Internet Explorer on Windows, enabling remote code execution when an attacker crafts arguments to setRequestHeader in the XMLHTTP 4.0 control. The issue affects Microsoft XML Core Services 4....

7.6 CVSS | 7.3 AI score | 0.86312 EPSS
Exploits: 7 | References: 14 | Affected Software: 1

CERT
added 2006/10/11 12:0 a.m. | 31 views

Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations

Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...

2.6 CVSS | 5.5 AI score | 0.55388 EPSS
Exploits: 0 | References: 3

NVD
added 2006/10/10 10:7 p.m. | 13 views

CVE-2006-4685

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...

2.6 CVSS | 6.4 AI score | 0.55388 EPSS
Exploits: 0 | References: 9

Cvelist
added 2006/10/10 10:0 p.m. | 16 views

CVE-2006-4685

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...

6.4 AI score | 0.55388 EPSS
Exploits: 0 | References: 9

myhack58
added 2006/10/09 12:0 a.m. | 15 views

IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net

Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak; see http://secunia.com/advisories/19738/ for a specific description. In order to ensure client safety, xmlhttp is not allowed cross-domain access to information. But the IE...

7 AI score
Exploits: 0

exploitpack
added 2006/07/21 12:0 a.m. | 25 views

Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)

Microsoft Internet Explorer - MDAC Remote Code Execution MS06-014 !/bin/sh - "exec" "python" "-O" "$0" "$@" doc = """BL4CK - MS06-014 RDS.DataStore - Data Execution CVS-2006-0003 MS06-014 April 2006 this is a bit out-dated, but works very well Usage: ./bl4ckms06014.py...

Exploits: 0

Tenable Nessus
added 2006/07/05 12:0 a.m. | 31 views

CentOS 4 : firefox (CESA-2005:785)

An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox...

7.5 CVSS | 6.4 AI score | 0.45887 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2006/07/03 12:0 a.m. | 26 views

CentOS 3 / 4 : Mozilla (CESA-2005:789)

Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was...

7.5 CVSS | 6.3 AI score | 0.08677 EPSS
Exploits: 0 | References: 14

myhack58
added 2006/05/28 12:0 a.m. | 13 views

IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net

Article submission: ph4yunshu wustyunshuathotmail.com IE mhtml redirection vulnerability using the method Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak, see the specific description. In order to ensure client safety, t...

7.1 AI score
Exploits: 0

securityvulns
added 2006/05/25 12:0 a.m. | 51 views

Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing

It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object...

1.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2006/01/15 12:0 a.m. | 44 views

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)

Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files CVE-2005-2353. A bug in the way Thunderbird processes XBM images could be us...

7.5 CVSS | 6.5 AI score | 0.51583 EPSS
Exploits: 2 | References: 13

Tenable Nessus
added 2006/01/15 12:0 a.m. | 24 views

MDKSA-2005:169 : mozilla-firefox

A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file CVE-2005-2701. A bug in the way Firefox handles certain Unico...

8 AI score | 0.51583 EPSS
Exploits: 2 | References: 10

OpenVAS
added 2005/11/03 12:0 a.m. | 23 views

XML Core Services patch (Q318203)

XMLHTTP Control Can Allow Access to Local Files. A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and speci...

5 CVSS | 6.3 AI score | 0.41761 EPSS
Exploits: 0

Cent OS
added 2005/10/06 11:10 p.m. | 66 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2005:791 An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail...

7.5 CVSS | 6.3 AI score | 0.51583 EPSS
Exploits: 2 | References: 8

RedHat Linux
added 2005/10/06 7:46 p.m. | 53 views

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way...

7.5 CVSS | 6.3 AI score | 0.51583 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2005/10/05 12:0 a.m. | 32 views

Fedora Core 3 : thunderbird-1.0.7-1.1.fc3 (2005-962)

An updated thunderbird package that fixes various bugs is now available for Fedora Core 3. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird...

7.5 CVSS | 6.4 AI score | 0.51583 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 25 views

Fedora Core 3 : firefox-1.0.7-1.1.fc3 (2005-931)

An updated firefox package that fixes several security bugs is now available for Fedora Core 3. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image...

7.5 CVSS | 6.4 AI score | 0.45887 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 29 views

Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)

A number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12 : A bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file CVE-2005-2701. A bug in the way Mozilla handles certain Unicode...

7.5 CVSS | 6.5 AI score | 0.51583 EPSS
Exploits: 2 | References: 10

Tenable Nessus
added 2005/10/05 12:0 a.m. | 32 views

Fedora Core 4 : firefox-1.0.7-1.1.fc4 (2005-926)

An updated firefox package that fixes several security bugs is now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image...

7.5 CVSS | 6.4 AI score | 0.45887 EPSS
Exploits: 0 | References: 2