Lucene search

K

28 matches found

CVE
CVE
added 2006/07/21 2:3 p.m.93 views

CVE-2006-3730

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

9.3CVSS7.6AI score0.88442EPSS
CVE
CVE
added 2006/03/23 12:6 a.m.73 views

CVE-2006-1359

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

9.3CVSS7.3AI score0.87602EPSS
CVE
CVE
added 2006/08/18 7:4 p.m.61 views

CVE-2006-4219

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

7.5CVSS7.7AI score0.37807EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.55 views

CVE-2006-1303

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTr...

9.3CVSS7.7AI score0.58944EPSS
CVE
CVE
added 2006/03/24 8:2 p.m.52 views

CVE-2006-1388

Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

7.5CVSS6.7AI score0.67459EPSS
CVE
CVE
added 2006/07/11 10:5 p.m.51 views

CVE-2006-3510

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.

2.6CVSS6.8AI score0.43426EPSS
CVE
CVE
added 2006/04/29 10:2 a.m.50 views

CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers ...

5.1CVSS6.6AI score0.34906EPSS
CVE
CVE
added 2006/03/17 1:2 a.m.49 views

CVE-2006-1245

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple E...

7.5CVSS7.5AI score0.69669EPSS
CVE
CVE
added 2006/07/06 1:5 a.m.49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

5CVSS7AI score0.41065EPSS
CVE
CVE
added 2006/08/17 1:4 a.m.49 views

CVE-2006-4193

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (O...

7.5CVSS7.7AI score0.50185EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

5CVSS6.8AI score0.10269EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.48 views

CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

7.5CVSS7.2AI score0.63986EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.48 views

CVE-2006-3638

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM...

7.5CVSS7.2AI score0.64559EPSS
CVE
CVE
added 2006/08/30 1:4 a.m.48 views

CVE-2006-4446

Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

5CVSS7.8AI score0.7919EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.47 views

CVE-2006-2378

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

6.8CVSS7.6AI score0.62392EPSS
CVE
CVE
added 2006/08/23 1:4 a.m.47 views

CVE-2006-3869

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compressi...

7.5CVSS7.9AI score0.72358EPSS
CVE
CVE
added 2006/07/10 8:5 p.m.46 views

CVE-2006-3472

Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5CVSS6.7AI score0.28361EPSS
CVE
CVE
added 2006/09/14 12:7 a.m.46 views

CVE-2006-4777

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the K...

7.6CVSS7.9AI score0.86871EPSS
CVE
CVE
added 2006/06/02 10:18 a.m.45 views

CVE-2006-2766

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

2.6CVSS6.7AI score0.63435EPSS
CVE
CVE
added 2006/09/12 11:7 p.m.45 views

CVE-2006-3873

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the ta...

7.5CVSS7.9AI score0.72358EPSS
CVE
CVE
added 2006/07/10 7:5 p.m.44 views

CVE-2006-3471

Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

5CVSS6.9AI score0.44499EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.42 views

CVE-2006-2385

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.

7.6CVSS7.4AI score0.18242EPSS
CVE
CVE
added 2006/08/31 10:4 p.m.42 views

CVE-2006-4495

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

7.5CVSS7.8AI score0.5457EPSS
CVE
CVE
added 2006/07/28 12:4 a.m.41 views

CVE-2006-3910

Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.

5CVSS7AI score0.40668EPSS
CVE
CVE
added 2006/02/14 11:0 a.m.39 views

CVE-2005-3240

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focu...

5.1CVSS7.3AI score0.1023EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.38 views

CVE-2006-3450

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

7.5CVSS7.3AI score0.63794EPSS
CVE
CVE
added 2006/07/11 11:5 p.m.38 views

CVE-2006-3513

danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.

5CVSS6.9AI score0.35705EPSS
CVE
CVE
added 2006/08/23 1:4 a.m.37 views

CVE-2006-4301

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DX...

5CVSS6.9AI score0.45641EPSS