Computer Security

See also
  MICROSOFT : Internet Explorer 5.5
  MICROSOFT : Internet Explorer 5.1
  MICROSOFT : Internet Explorer 4.01
  MICROSOFT : Internet Explorer 4.0
  MICROSOFT : Internet Explorer 5.0
  MICROSOFT : Internet Explorer 5.01
Name: MICROSOFT : Internet Explorer 6.0

6!Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
document By using JavaScript in conjunction with shell:startup it's possible to place an executable into the startup folder if the user drags an object on the page or scrolls the page.
 Microsoft Indexing Service cross-site scripting
updated since 12.09.2006
document Cross-site scripting with UTF-7 characters in the URL is possible.
7!Multiple Microsoft Internet Explorer and Windows security vulnerabilities
updated since 28.06.2006
document Cross-domain page content access, MSHTA code execution.
6!Microsoft Internet Explorer filtering protection bypass
document For the ASCII codepage, 8-bit text is converted to 7-bit. This makes it possible to bypass content filters by using 8-bit characters within ASCII-encoded text.
8!Multiple Microsoft Internet Explorer security vulnerabilities
updated since 13.06.2006
document Multiple memory corruptions, address bar spoofing, cross-frame data access. May be used for hidden malware installation.
9!Multiple Microsoft Internet Explorer security vulnerabilities
updated since 22.03.2006
document Jump to an uninitialized function pointer by referencing an unsupported object's method (createTextRange() for checkbox). Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corruption. COM objects memory corruption. Cross-site scripting.
6!Microsoft Internet Explorer memory corruption
document resizeBy() method negative values memory corruption.
6!Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
document It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.
8!Microsoft Internet Explorer memory corruption
updated since 23.04.2006
document Uninitialized pointer dereference on OBJECT tag processing. Can be used for hidden malware installation.
 Microsoft Internet Explorer modal dialogs spoofing
document It's possible to spoof modal dialog content. This problem is only significant for Windows prior to Windows XP SP2 / Windows 2003 SP1.
7!Microsoft Internet Explorer cross-site access
document Script from one site can access content of the page from different site with mhtml: URI handler.
8!Microsoft Internet Explorer array index overflow
document Array index overflow for a large number of event handlers on an HTML tag. Vulnerability can be used for hidden malware installation.
 Microsoft Internet Explorer IsComponentInstalled buffer overflow
document Problem is fixed in Windows 2000 SP4 / Windows XP SP1.
 Microsoft Internet Explorer Drag-and-Drop code execution
updated since 13.02.2006
document By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.
7!Multiple Microsoft Internet Explorer vulnerabilities
updated since 14.12.2005
document Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak.
9!Microsoft Internet Explorer code execution
document Uninitialized memory call on Window() function within OnLoad handler of BODY tag allows code execution.
7!Macromedia Flash Player array index overflow
updated since 05.11.2005
document User controlled value is used as function pointers array index without boundary control.
 Microsoft Internet Explorer URL spoofing
document It's possible to spoof URL with document.write within OnClick method for <a> tag.
7!Microsoft Design Tools COM object uninitialized memory reference
updated since 12.10.2005
document CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region.
6!Microsoft FTP client directory traversal
document It's possible to place downloaded file in any directory from server side.
9!Multiple Microsoft Internet Explorer vulnerabilities
updated since 09.08.2005
document Memory corruption on JPEG files parsing, memory corruption on COM object installation, cross-site scripting with Web folders.
7!Multiple Internet Explorer JPEG parsing problems
document Multiple problems including memory corruption on JPEG parsing.
8!Microsoft Internet Explorer buffer overflow
updated since 29.06.2005
document Buffer overflow while parsing document with embedded non-ActiveX <object> elements.
 Multiple browsers dialog content spoofing
document It's possible to spoof dialog window origin.
 Microsoft Outlook Express NNTP client buffer overflow
document Buffer overflow on NNTP server reply parsing.
6!Multiple Microsoft Internet Explorer memory corruptions
updated since 13.04.2005
document Memory corruptions of different types, including buffer overflows.
 Buffer overflow in multiple IMAP clients
updated since 15.05.2003
document Buffer overflows on long replies, large message sizes, etc.
8!Multiple Microsoft Internet Explorer browser security vulnerabilities
updated since 09.02.2005
document Drag-n-Drop vulnerability, URL Decoding Zone Spoofing Vulnerability, DHTML Method Heap Memory Corruption Vulnerability, Channel Definition Format (CDF) Cross Domain Vulnerability. This vulnerability can potentially be used for silent spyware or adware installation.
9!Microsoft Internet Explorer DHTML Edit and Help ActiveX cross-site scripting
updated since 15.12.2004
document DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's possible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation.
9!Multiple Internet Explorer bugs
updated since 13.10.2004
document CSS buffer overflow, local zone scripting, buffer overflow in Install Engine, writing file to any location with drag and drop or scripting in <img> tag, address bar spoofing, SSL cross-site scripting.
 Microsoft Internet Explorer directory traversal
document ..\ in filename is not checked.
 Microsoft Internet Explorer sysimage: information leak
document By using sysimage: URL it's possible to check local file existence.
7!Microsoft Internet Explorer buffer overflow
updated since 03.11.2004
document Buffer overflow in FRAME and IFRAME tags parameters.
 Microsoft Internet Explorer information leak
document It's possible to check file existence in the standard folder.
7!Internet Explorer HTML Help Control ActiveX cross-site scripting
document By clicking control element, it's possible to activate script in context of different site or local system.
6!Multiple bugs in Internet Explorer
updated since 23.08.2002
document New cumulative patch released by Microsoft.
6!Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component
updated since 17.12.2001
document Microsoft's Microsoft.XMLHTTP and Mozilla XMLHttpRequest incorrectly handle redirection, allowing access to local files.
8!Windows GDI+ libraries JPEG buffer overflow
updated since 15.09.2004
document Buffer overflow in JPEG parsing routines.
 multiple browsers cookie spoofing
updated since 25.08.2004
document It's possible to spoof cookies for few 3rd level domains.
8!Multiple Microsoft Internet Explorer cross-site scripting bugs
updated since 13.07.2004
document Same name function redirection cross-site scripting, ADODB.Stream vulnerability variant (Shell.Application), mouse click hijacking with, Media Preview cross-site scripting, drag-n-drop files to shell:Startup.
7!Multiple Internet Explorer vulnerabilities
document Integer overflow on .BMP parsing, double free() on GIF parsing, new ms-its: vulnerability variant.
8!MS Internet Explorer CHM files and ms-its handler code execution
updated since 09.04.2004
document HTTP redirection to ms-its (and a few other) protocols, exploiting a directory traversal bug, causes a CHM file to be saved to a known location. With another directory traversal bug, HTML from the CHM file can be executed in local zone.
 Outlook/Outlook Express NULL character DoS
document Client hangs on POP3 receiving if message contains NULL character.
 Directory traversal in multiple browsers cookie path
document It's possible to access cookie from the document with different path.
 Internet Explorer cross-domain keystrokes leak
document Script from one site can access keystrokes sent to another site.
10!Multiple Windows ASN.1 bugs
updated since 11.02.2004
document Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications.
6!Multiple Internet Explorer bugs
updated since 03.02.2004
document Cross-site scripting in Travel Log, URL spoofing.
6!CHM files execution in Internet Explorer
updated since 19.05.2000
document CHM file (HTML-help) may contain unsafe ActiveX elements and could lead to code execution. CHM execution may be triggered by calling CHM file as a HTML or via ActiveX elements.
7!Multiple bugs in Internet Explorer
updated since 11.09.2003
document Cross-site scripting via Find dialog, location/refresh, NavigateAndFind, file:javascript:, click to drag-n-drop spoofing, src URL spoofing, BaseRef spoofing, etc.
 Internet Explorer (and others) CA certificate attack
updated since 15.08.2002
document For an intermediate CA only the signature is checked; the missing check for basic constraints allows any valid certificate to be used as a CA certificate.
7!Microsoft Internet Explorer cross-site scripting
document Few vulnerabilities allow scripting in local zone.
8!Internet Explorer HTML embedded .exe file code execution
updated since 26.02.2003
document By combining Content-Location: file:///xxx.exe with codebase property of <object> tag it's possible to execute .exe file embedded into HTML.
6!Microsoft Internet Explorer local files access
updated since 27.10.2003
document Redirection with Location: file:/// allows opening a local file in a known location. Macromedia Flash allows storing HTML text in a known file.
 Internet Explorer Shell Folders local files access
document It's possible to address local files by URL shell: with relative paths.
10!Microsoft Internet Explorer multiple bugs
updated since 21.08.2003
document New rollup fix released: cross-site scripting, buffer overflow during <OBJECT> tag parsing, temporary internet files path disclosure, code execution via OBJECT tag.
6!Microsoft Internet Explorer showHelp cross-site scripting
updated since 07.02.2003
document Subsequent calls to showHelp cause content to be displayed in the same security zone.
7!Multiple bugs in ActiveX components
updated since 20.08.2002
document Local files access in applet and XMLHTTPConnection ActiveX, buffer overflow in xweb.ocx ActiveX (Microsoft DirectX Files Viewer), TSAC and File Transfer Manager (FTM) ActiveX.
 Outlook Express plaintext HTML injection
document Message content type is determined automatically, bypassing MIME settings.
6!Internet Explorer buffer overflow
updated since 24.06.2003
document Buffer overflow on copying HR tag with oversized align to clipboard.
7!Multiple bugs in Internet Explorer/Outlook Express
updated since 25.04.2003
document New cumulative patch announced.
7!Multiple Internet Explorer bugs
updated since 05.06.2003
document New cumulative update fixes buffer overflow and code execution.
7!Microsoft Internet Explorer code execution
updated since 09.05.2003
document If a page contains a large number of elements like <FRAME SRC="C:\winnt\regedit.exe"></FRAME>, the application will be executed without user's intervention.
6!Microsoft Internet Explorer code execution
updated since 03.05.2003
document Web Folders feature allows storing a file in a known location. In conjunction with other weaknesses it makes it possible to save and execute code.
 Internet Explorer .mht DoS
document If executable with MZP signature but without actual data is included, NULL pointer reference occurs.
7!Launching programs via OBJECT tag and scripting via cookies in Microsoft Internet Explorer
updated since 17.01.2002
document It's possible to launch any installed application using OBJECT tag.
 Internet Explorer Macromedia Flash cross-site scripting
document It's possible to inject script into flash object URL.
6!Multiple bugs in Microsoft Virtual Java Machine
updated since 09.09.2002
document Among others there are bugs allowing file access on client computer.
6!Microsoft Internet Explorer PNG integer overflow
document Integer overflow during PNG deflate unpacking.
7!Multiple Microsoft Internet Explorer bugs
updated since 21.11.2002
document New cumulative patch fixes multiple bugs.
 Internet Explorer modal dialog style cross-site scripting
document By using <IMG width="0" height="0" style="width: expression(alert());"> script may be executed in local zone.
6!Microsoft Internet Explorer saved references and identifiers cross-site scripting
updated since 02.10.2002
document By saving location.assign method of parent window it's possible to access its content any time. It's also possible to reference frame by its identifier.
6!Outlook Express S/MIME buffer overflow
document Buffer overflow on certificate warning window.
 Internet Explorer and Konqueror frames cross-site scripting
updated since 10.09.2002
document For sites with frames it's possible to execute script by spoofing location of one of the frames.
6!Buffer overflows in multiple browsers x.509 certificates parsing
6!Cross-site scripting in Internet Explorer and Konqueror
updated since 04.09.2002
document It's possible to spoof domain by using %sF in URL's username:[email protected]/
 Internet Explorer/Mozilla/Opera local zone script execution via FTP folders
updated since 07.06.2002
document It's possible to script in local security zone if FTP folder presentation is enabled.
 Unauthorized file upload via Internet Explorer
document It's possible to download file in known location or to determine location of cache by using htm files download or Web folders.
 Microsoft Internet Explorer cache path leakage via XML
document It's possible to obtain path of loaded document by using XML exception handlers.
 Cross-site scripting in Microsoft Internet Explorer
document It's possible to get full access to OBJECT's elements.
8!Microsoft Internet Explorer, Microsoft Proxy & Microsoft ISA server gopher buffer overflow
updated since 04.06.2002
7!Six new bugs in Internet Explorer
updated since 16.05.2002
document Cross-site scripting, local files disclosure, security zone spoofing, etc.
7!Unauthorized access to special devices and NetBIOS connections in Microsoft Internet Explorer
updated since 14.05.2002
document With <IFRAME> and <BGSOUND> tags it's possible to cause DoS against Outlook Express or to send data to special device. It's also possible to cause IE to establish NetBIOS connection with any untrusted host.
6!Special DOS-device access in Microsoft Outlook Express
document It's possible to hang Outlook Express by using prn: device as a name for bgsound or iframe. It's also possible to send data to special device.
6!Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer
updated since 20.10.2001
document It's possible to use about:\\ and res:\\ URLs to execute JavaScript in context of any page and local machine.
 HTML injection via mailto: URL in Internet Explorer
document It's possible to inject HTML text into mailto: reference.
 Partial access to local files via CSS in Internet Explorer
document Via .oFile.cssText property of Link object it's possible to get partial content of any file with structure close to CSS.
 File existence checking in Microsoft Internet Explorer
updated since 05.11.2001
document It's possible to check file existence with dynsrc property or with file:// URL in conjunction with JavaScript.
6!Executable launch via Windows Media Player from Microsoft Outlook/Outlook Express
document Via Windows Media file (wma) it's possible to open an HTML file in local security zone; from the HTML it's possible to open a CHM, and from the CHM an executable.
8!Buffer overflow in mshtml.dll
updated since 13.02.2002
document Stack overflow on long filename or extension in <EMBED> tag.
7!Unauthorized access via GetObject() in Microsoft Internet Explorer (unauthorized access)
updated since 03.01.2002
 Problems with MDB files in Internet Explorer (code execution)
6!Certificate problem in Internet Explorer (certificates spoofing)
7!File access via htmlfile_FullWindowEmbed ActiveX in Internet Explorer (code execution)
updated since 22.11.2001
6!Problems with Secure Password Authentication in Outlook Express (weak encryption)
 Problems with "dotless" addresses in Internet Explorer (protection bypass)
updated since 11.10.2001

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod