Computer Security
[EN] no-pyccku

See also
  MICROSOFT : Internet Explorer 6.0
  MICROSOFT : Internet Explorer 5.1
  MICROSOFT : Internet Explorer 4.01
  MICROSOFT : Internet Explorer 4.0
  MICROSOFT : Internet Explorer 5.0
  MICROSOFT : Internet Explorer 5.01
Name:MICROSOFT : Internet Explorer 5.5

6!Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
document By using javaasript in conjunction with shell:startup it's possible to place executable into startup folder if user drags an object on the page or scrolls the page.
6!Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
document It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.
 Microsoft Internet Explorer modial dialogs spoofing
document It's possible to spoof modal dialog content. This problem is only significant for Windows proir to Windows XP SP2 / Windows 2003 SP1.
 Microsoft Internet Explorer Drag-and-Drop code execution
updated since 13.02.2006
document By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.
7!Multiple Microsoft Internet Explorer vulnerabilities
updated since 14.12.2005
document Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak.
9!Microsoft Internet Explorer code execution
document Uninitilized memory call on Window() function within OnLoad handler of BODY tag allows code execution.
7!Macromedia Flash Player array index overflow
updated since 05.11.2005
document User controlled value is used as function pointers array index without boundary control.
 Microsoft Internet Explorer URL spoofing
document It's possible to spoof URL with document.write within OnClick method for <a> tag.
7!Microsoft Design Tools COM object uninitialized memory reference
updated since 12.10.2005
document CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region.
9!Multiple Microsoft Internet Explorer vulnerabilities
updated since 09.08.2005
document Memory corruption on JPEG files parsing, memory corruption on COM object installation, crossite scripting with Web folders.
 Multiple browsers dialog content spoofing
document It's possible to spoof dialog window origin.
 Microsoft Outlook Express NNTP client buffer overflow
document Buffer overflow on NNTP server reply parsing.
6!Multiple Microsoft Internet Explorer memory corruptions
updated since 13.04.2005
document Memory corruptions of different types, including buffer overflows.
8!Multiple Microsoft Internet Explorer browser security vulnerabilities
updated since 09.02.2005
document Drag-n-Drop vulnerability, URL Decoding Zone Spoofing Vulnerability, DHTML Method Heap Memory Corruption Vulnerability, Channel Definition Format (CDF) Cross Domain Vulnerability. This vulnerability can potentially be used for silent spyware or adware installation.
9!Multiple Internet Explorer bugs
updated since 13.10.2004
document CSS buffer overflow, local zone scripting, buffer overflow in Install Engine, writing file to any location with drag and drop or scripting in <img> tag, address bar spoofing, SSL crossite scripting.
7!Microsoft Internet Explorer buffer overflow
updated since 03.11.2004
document Buffer overflow in FRAME and IFRAME tags parameters.
6!Multiple bugs in Internet Explorer
updated since 23.08.2002
document New cumulative patch released by Microsoft.
6!Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component
updated since 17.12.2001
document Microsoft's Microsoft.XMLHTTP and Mozilla XMLHttpRequest incorrectly handle redirection allowing to access local files.
8!Multiple Microsoft Internet Explorer crossite scripting bugs
updated since 13.07.2004
document Same name function redirection crossite scripting, ADODB.Stream vulnerability variant (Shell.Application), mouse click hijacking with, Media Preview crossite scripting, drag-n-drop files to shell:Startup.
7!Multiple Internet Explorer vulnerabilities
document Integer overflow on .BMP parsing, double free() on GIF parsing, new ms-its: vulnerability variant.
 Directory traversal in multiple browsers cookie path
document It's possible to access cookie from the document with different path
 Internet Explorer crossdomain keystrokes leak
document Script from one site can access keystrokes send do another site.
10!Multiple Windows ASN.1 bugs
updated since 11.02.2004
document Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications.
6!Multiple Internet Explorer bugs
updated since 03.02.2004
document Crossite scripting in Travel Log, URL spoofing.
6!CHM files execution in Internet Explorer
updated since 19.05.2000
document CHM file (HTML-help) may contain unsafe ActiveX elements and could lead to code execution. CHM execution may be triggered by calling CHM file as a HTML or via ActiveX elements.
7!Multiple bugs in Internet Explorer
updated since 11.09.2003
document Crossite scripting via Find dialog, location/refresh, NavigateAndFind, file:javascript:, click to drug-n-drop spoofing, src URL spoofing, BaseRef spoofing, etc.
 Internet explorer (and others) CA certificate attack
updated since 15.08.2002
document For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate.
7!Microsoft Internet Explorer crossite scripting
document Few vulnerabilities allow scripting in local zone.
8!Internet explorer HTML embedded .exe file code execution
updated since 26.02.2003
document By combining Content-Location: file:///xxx.exe with codebase property of <object> tag it's possible to execute .exe file embedded into HTML.
10!Microsoft Internet Explorer multiple bugs
updated since 21.08.2003
document New rollaup fix released: crossite scripting, buffer overflow during <OBJECT> tag parsing, temporary internet files path disclosure, code execution via OBJECT tag.
6!Microsoft Internet Explorer showHelp crossite scripting
updated since 07.02.2003
document Subsequent calls to showHelp cause content to be displayed in the same security zone.
 Outlook Express plaintext HTML injection
document Message content type is determinetd automatically bypassing MIME settings.
6!Internet Explorer buffer overflow
updated since 24.06.2003
document Buffer overflow on copying HR tag with oversized align to clipboard.
7!Multiple bugs in Internet Explorer/Outlook Express
updated since 25.04.2003
document New cumulative patch announced.
7!Multiple Internet Explorer bugs
updated since 05.06.2003
document New cumulativ update fixes buffer overflow and code execution.
6!Microsoft Internet Explorer code execution
updated since 03.05.2003
document Web Folders feature allows to store file in known location. In conjunction with another weaknesses it makes it possible to save and execute code.
 Internet Explorer .mht DoS
document If executable with MZP signature but without actual data is included, NULL pointer reference occurs.
7!Launichng programs via OBJECT tag and scripting via cookies in Microsoft Internet Explorer
updated since 17.01.2002
document It's possible to launch any installed application using OBJECT tag
 Internet Explorer Macromedia Flash crossite scripting
document It's possible to inject script into flash object URL.
6!Microsoft Internet Explorer PNG integer overflow
document Integer overflow dusing PNG deflate unpacking.
7!Multiple Microsoft Internet Explorer bugs
updated since 21.11.2002
document New cumulative patch fixes multiple bugs.
 Internet Explorer modal dialog style crossite scripting
document By using <IMG width="0" height="0" style="width: expression(alert());"> script may be executed in local zone.
6!Outlook Express S/MIME buffer voerflow
document Buffer overflow on certificate warning window.
 Internet Explorer/Mozilla/Opera local zone script execution via FTP folders
updated since 07.06.2002
document It's possible to script on local securty zone if FTP folder presentation is enabled.
 Unauthorized file upload via Internet Explorer
document It's possible to download file in known location or to determine location of cache by using htm files download or Web folders.
 Crossite scripting in Microsoft Internet Explorer
document It's possible to get full access to OBJECT's elements.
7!Six new bugs in Internet Explorer
updated since 16.05.2002
document Crossite scripting, local files disclosure, security zone spoofing, etc.
6!Special DOS-device access in Microsoft Outlook Express
document It's possible to hang Outlooks Express by using prn: device as a name for bgsound or iframe. It's also possible to send data to special device.
6!Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer
updated since 20.10.2001
document It's possible to use about:\\ and res:\\ URl to execute javascript in context of any page and local machine.
 File existance checking in Microsoft Internet Explorer
updated since 05.11.2001
document It's possible to check file existance with dynsrc property or with file:// URL in conjunction with javascript.
8!Buffer overflow in mshtml.dll
updated since 13.02.2002
document Stack overflow on long filename or extension in <EMBED> tag.
7!Несанкционированный доступ через GetObject() в Microsoft Internet Explorer (unauthorized access)
updated since 03.01.2002
 Проблемы с MDB-файлам в Internet Explorer (code execution)
6!Проблема с сертификатами в Internet Explorer (certificates spoofing)
7!Доступ к файлам через htmlfile_FullWindowEmbed ActiveX в Internet Explorer(code execution)
updated since 22.11.2001
6!Проблемы с Secure Password Authentication в Outlook Express (weak encryption)
 Проблемы с "бесточечными" адресами в Internet Explorer (protection bypass)
updated since 11.10.2001
7!Большая дырка в Outlook Express (E-mail execution)
updated since 30.03.2001
6!ОБращение к реестру через IE5.5 (javascript execution)
 Проблема с "Избранными" в Internet Explorer (code execution)
 Атака через web-формы (HTML Form Protocol Attack)
 Доступ к локальным файлам через javasctipt в IE (file access)
 Проблема с адресной книгой в Outlook Express (address book vulnerability)
 Дырка в Internet Explorer (cerificate spoofing)
 Дырка в MS DAC (Internet Publishing Provider)
 Дырка в Internet Explorer (local variable exposure)
6!Крупные дырки в Internet Explorer (, MSScriptControl.ScriptControl)
6!Проблемы в Internet Explorer (MSDAIPP exchange data access)
 Заткнуты очередные дsрки в IE (cached content и другие)
updated since 07.03.2001
 Переполнение буфера в MSHTML
 Дырка в Internet Explorer (Media Player ActiveX)
7!Заткнуто 4 дырки в Internet Explorer (Browser Print Template, File Upload via Form, Scriptlet Rendering, Frame Domain Verification)
updated since 02.12.2000
 Очередная уязвимость в Internet Explorer (Java Object)
updated since 19.10.2000
7!Очередная серьезная дырка в Internet Explorer (Microsoft VM ActiveX Component)
updated since 06.10.2000
 Еще одна дырка в Internet Explorer
6!Очередная дырка в Internet Explorer/Outlook
 Очередная уязвимость между фреймами в IE через Web Browser Control ActiveX
6!Проблемы с HTT-фолдерами в Windows
updated since 15.08.2000
6!Очередная уязвимость IE при работе с объектами Office
updated since 28.06.2000
 Очередная дырка в IE - DHTMLED AttiveX

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod