30 matches found
CVE-2017-11843
CVE-2017-11843 affects ChakraCore and Microsoft Edge; described as a memory-corruption vulnerability in the scripting engine that lets an attacker gain the current user’s rights by manipulating in-memory objects. GHSA advisories indicate impact on Windows 10 (versions 1703 and 1709) and Windows S...
CVE-2017-11791
CVE-2017-11791 is described in the provided documents as an information-disclosure vulnerability affecting the scripting engine in ChakraCore/Internet Explorer. The vulnerability arises from how objects are handled in memory and is reported for Internet Explorer and ChakraCore components on Windo...
CVE-2017-8741
CVE-2017-8741 affects Internet Explorer/Edge rendering engines in Windows platforms; the vulnerability arises from how scripting engines render objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The Nessus-derived details describe a remote-code-e...
CVE-2017-11837
CVE-2017-11837 affects ChakraCore/Edge scripting engine memory handling. Root cause: memory corruption when manipulating JavaScript objects in memory, enabling an attacker to execute code with the current user’s privileges. Affected products include ChakraCore and Microsoft Edge on Windows 10 (17...
CVE-2017-11846
CVE-2017-11846 affects ChakraCore and Edge/IE scripting engine in Windows 7 SP1, Windows Server 2008/2008 R2, 8.1, 10 (various builds), and Windows Server 2012/2012 R2, with memory handling in the scripting engine leading to memory corruption. The vulnerability could allow an attacker to execute ...
CVE-2017-11858
CVE-2017-11858 is related to ChakraCore/Edge memory corruption via the scripting engine, enabling a user-rights gain by manipulating in-memory objects. Affected components include ChakraCore and Microsoft Edge on Windows 10 versions 1703/1709 and Windows Server equivalents, tied to how memory obj...
CVE-2017-8748
CVE-2017-8748 is a remote code execution vulnerability in Internet Explorer (and IE components in Edge) caused by how the browser’s JavaScript engines render in-memory objects. The issue affects multiple Windows versions listed in the CVE and is described in the September 2017 IE security updates...
CVE-2017-11838
CVE-2017-11838 affects ChakraCore and Microsoft Edge in Windows environments (various versions listed in the initial entry). The vulnerability arises from how the scripting engine handles objects in memory, leading to memory corruption that could allow an attacker to execute code with the same us...
CVE-2008-0454
The CVE-2008-0454 entry concerns Skype on Windows where cross-zone scripting is possible through the Internet Explorer web control. Specifically, in Skype 3.6.0.244 (and earlier 3.5.x/3.6.x), a user-assisted attacker could inject arbitrary web script/HTML in the Local Machine Zone via the Title f...
CVE-2008-4029
CVE-2008-4029 relates to a cross-domain scripting vulnerability in Microsoft XML Core Services 3.0/4.0 (MSXML) used by Internet Explorer. The issue stems from improper error checking for external DTDs in XML documents, enabling a crafted XML to leak information to another domain. Microsoft MS08-0...
CVE-2008-7295
CVE-2008-7295 : Affects Microsoft Internet Explorer by failing to properly restrict modifications to cookies set over HTTPS, allowing a man-in-the-middle attacker to overwrite or delete cookies via a Set-Cookie header in an HTTP response. Root cause cited as lack of HTTP Strict Transport Security...
CVE-2004-0549
The CVE-2004-0549 vulnerability is a cross-domain navigation/redirect issue in the Internet Explorer rendering stack (WebBrowser ActiveX or MSHTML) used by IE6 and other IE-enabled components. A remote attacker could abuse navigation via delayed HTTP redirects (or manipulated Location headers) an...
CVE-2010-1852
CVE-2010-1852 concerns Microsoft Internet Explorer when the Invisible Hand extension runs. The cited data describe that cookies are used during background HTTP requests in an unexpected manner, which could allow remote web servers to identify users and their product searches via HTTP request logg...
CVE-2008-3023
Summary: CVE-2008-3023 is an XSS vulnerability in FreeStyle Wiki affecting 3.6.2 and earlier, and 3.6.3 dev3 and earlier, where Internet Explorer could execute arbitrary script via unspecified vectors. The condition is that IE-based rendering allows injected HTML/script, with impact described as ...
CVE-2007-2718
CVE-2007-2718 describes a cross-site scripting (XSS) vulnerability in the WebMail component of Stalker CommuniGate Pro 5.1.8 and earlier when accessed via Microsoft Internet Explorer . The issue allows a remote attacker to inject arbitrary web script or HTML through crafted STYLE tags . The vulne...
CVE-2008-5912
CVE-2008-5912 is an information-disclosure issue affecting Microsoft Internet Explorer. Connected scanners describe an IE information-disclosure vulnerability where a JavaScript-related function exposes a “temporary footprint” during an active user login, which could ease in-session phishing by p...
CVE-2007-3954
Technical details for CVE-2007-3954 are not publicly available in the provided connected documents. The materials do not specify affected products, versions, impact, exploit status, or remediation. Monitor for updates and rely on official advisories for precise information.
CVE-2007-3924
CVE-2007-3924 describes an argument-injection vulnerability in Internet Explorer when Netscape is installed and certain URIs are registered. The issue arises from IE not properly delimiting the URL argument when invoking Netscape, allowing remote attackers to perform cross-browser scripting and e...
CVE-2008-3173
Microsoft Internet Explorer is affected by CVE-2008-3173, where web sites can set cookies for domains with a public suffix containing more than one dot, enabling session fixation and potential HTTP session hijacking. The issue is tied to an insufficient fix for CVE-2004-0866, suggesting a remedia...
CVE-2006-6956
CVE-2006-6956 affects Microsoft Internet Explorer. The vulnerability arises when a web page contains a large number of nested marquee tags, which can cause a remote denial-of-service crash. Connected sources confirm the DoS impact linked to the marquee nesting issue (related to CVE-2006-2723). Th...
CVE-2010-2442
CVE-2010-2442 concerns Microsoft Internet Explorer (noted as IE 8 or similar) where the browser does not properly restrict focus changes, enabling a remote attacker to read keystrokes through cross-domain IFRAME gadgets. The primary affected component is the browser’s handling of focus and cross-...
CVE-2008-0460
CVE-2008-0460 affects MediaWiki up to 1.11.x (and BotQuery extension up to 1.7 and earlier) where an XSS vulnerability in api.php can inject arbitrary script/HTML when viewed in Internet Explorer. The vulnerability impacts multiple legacy MediaWiki versions (1.11 through 1.11.0rc1, 1.10.x, 1.9.x,...
CVE-2007-3958
The CVE-2007-3958 entry concerns Microsoft Windows Explorer (explorer.exe) and a denial of service triggered by processing a crafted GIF file (Art.gif). The connected NVD entry confirms the vulnerability is user-assisted and affects GIF parsing, leading to a denial of service. The description doe...
CVE-2007-3930
The CVE-2007-3930 entry concerns a XSS vulnerability in DokuWiki’s spellchecker backend. Affects DokuWiki spellcheck.php (lib/exe/spellcheck.php) where the spell_utf8test path triggers HTML document identification and script execution by Internet Explorer when validating UTF-8 messages, even if t...
CVE-2010-0652
CVE-2010-0652 affects Microsoft Internet Explorer. The issue: cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, enabling remote servers to obtain sensitive information via a crafted document. This description ...
CVE-2008-2841
The CVE-2008-2841 entry concerns XChat on Windows (versions 2.8.7b and earlier). The root cause is an argument injection vulnerability that occurs when Internet Explorer is used, allowing remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. The connected d...
CVE-2004-2704
HastyMail (PHP-based mail client) does not send the attachment parameter in the Content-Disposition header for attachments in versions ≤1.0.1 (stable) and ≤1.1 (development). This causes attachments to render inline in Internet Explorer when the download link is clicked, facilitating cross-site s...
CVE-2005-1829
Microsoft Internet Explorer 6 SP2 is affected by CVE-2005-1829. The vulnerability allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. The available sources describe the issue at a high level (DoS through crafted e...
CVE-2007-3075
CVE-2007-3075: Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme (e.g., encoded backslash). The connected documents confirm the vulnerability description but do not spec...
CVE-2011-0347
This CVE (CVE-2011-0347) corresponds to a high-severity vulnerability in Microsoft Internet Explorer on Windows XP, involving an incorrect GUI display triggered via DOM-related vectors (cross_fuzz). The OpenVAS entries group this under a Windows Shell/IE flaw (MS11-006) with a CVSS v2 base score ...