| 6! | Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
|
 | | By using javaasript in conjunction with shell:startup it's possible to place executable into startup folder if user drags an object on the page or scrolls the page. |
| 6! | Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
|
| | It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object. |
| | Microsoft Internet Explorer modial dialogs spoofing
|
| | It's possible to spoof modal dialog content. This problem is only significant for Windows proir to Windows XP SP2 / Windows 2003 SP1. |
| | Microsoft Internet Explorer Drag-and-Drop code execution
updated since 13.02.2006
|
| | By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction. |
| 7! | Multiple Microsoft Internet Explorer vulnerabilities
updated since 14.12.2005
|
| | Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak. |
| 9! | Microsoft Internet Explorer code execution
|
| | Uninitilized memory call on Window() function within OnLoad handler of BODY tag allows code execution. |
| 7! | Macromedia Flash Player array index overflow
updated since 05.11.2005
|
| | User controlled value is used as function pointers array index without boundary control. |
| | Microsoft Internet Explorer URL spoofing
|
| | It's possible to spoof URL with document.write within OnClick method for <a> tag. |
| 7! | Microsoft Design Tools COM object uninitialized memory reference
updated since 12.10.2005
|
| | CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region. |
| 9! | Multiple Microsoft Internet Explorer vulnerabilities
updated since 09.08.2005
|
| | Memory corruption on JPEG files parsing, memory corruption on COM object installation, crossite scripting with Web folders. |
| | Multiple browsers dialog content spoofing
|
| | It's possible to spoof dialog window origin. |
| | Microsoft Outlook Express NNTP client buffer overflow
|
| | Buffer overflow on NNTP server reply parsing. |
| 6! | Multiple Microsoft Internet Explorer memory corruptions
updated since 13.04.2005
|
| | Memory corruptions of different types, including buffer overflows. |
| 8! | Multiple Microsoft Internet Explorer browser security vulnerabilities
updated since 09.02.2005
|
| | Drag-n-Drop vulnerability, URL Decoding Zone Spoofing Vulnerability, DHTML Method Heap Memory Corruption Vulnerability, Channel Definition Format (CDF) Cross Domain Vulnerability. This vulnerability can potentially be used for silent spyware or adware installation. |
| 9! | Multiple Internet Explorer bugs
updated since 13.10.2004
|
| | CSS buffer overflow, local zone scripting, buffer overflow in Install Engine, writing file to any location with drag and drop or scripting in <img> tag, address bar spoofing, SSL crossite scripting. |
| 7! | Microsoft Internet Explorer buffer overflow
updated since 03.11.2004
|
| | Buffer overflow in FRAME and IFRAME tags parameters. |
| 6! | Multiple bugs in Internet Explorer
updated since 23.08.2002
|
| | New cumulative patch released by Microsoft. |
| 6! | Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component
updated since 17.12.2001
|
| | Microsoft's Microsoft.XMLHTTP and Mozilla XMLHttpRequest incorrectly handle redirection allowing to access local files. |
| 8! | Multiple Microsoft Internet Explorer crossite scripting bugs
updated since 13.07.2004
|
| | Same name function redirection crossite scripting, ADODB.Stream vulnerability variant (Shell.Application), mouse click hijacking with Popup.show(), Media Preview crossite scripting, drag-n-drop files to shell:Startup. |
| 7! | Multiple Internet Explorer vulnerabilities
|
| | Integer overflow on .BMP parsing, double free() on GIF parsing, new ms-its: vulnerability variant. |
| | Directory traversal in multiple browsers cookie path
|
| | It's possible to access cookie from the document with different path |
| | Internet Explorer crossdomain keystrokes leak
|
| | Script from one site can access keystrokes send do another site. |
| 10! | Multiple Windows ASN.1 bugs
updated since 11.02.2004
|
| | Heap corruptions, heap buffer overflows open possibilities for attack via different protocols and applications. |
| 6! | Multiple Internet Explorer bugs
updated since 03.02.2004
|
| | Crossite scripting in Travel Log, URL spoofing. |
| 6! | CHM files execution in Internet Explorer
updated since 19.05.2000
|
| | CHM file (HTML-help) may contain unsafe ActiveX elements and could lead to code execution. CHM execution may be triggered by calling CHM file as a HTML or via ActiveX elements. |
| 7! | Multiple bugs in Internet Explorer
updated since 11.09.2003
|
| | Crossite scripting via Find dialog, location/refresh, NavigateAndFind, file:javascript:, click to drug-n-drop spoofing, src URL spoofing, BaseRef spoofing, etc. |
| | Internet explorer (and others) CA certificate attack
updated since 15.08.2002
|
| | For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate. |
| 7! | Microsoft Internet Explorer crossite scripting
|
| | Few vulnerabilities allow scripting in local zone. |
| 8! | Internet explorer HTML embedded .exe file code execution
updated since 26.02.2003
|
| | By combining Content-Location: file:///xxx.exe with codebase property of <object> tag it's possible to execute .exe file embedded into HTML. |
| 10! | Microsoft Internet Explorer multiple bugs
updated since 21.08.2003
|
| | New rollaup fix released:
crossite scripting, buffer overflow during <OBJECT> tag parsing, temporary internet files path disclosure, code execution via OBJECT tag. |
| 6! | Microsoft Internet Explorer showHelp crossite scripting
updated since 07.02.2003
|
| | Subsequent calls to showHelp cause content to be displayed in the same security zone. |
| | Outlook Express plaintext HTML injection
|
| | Message content type is determinetd automatically bypassing MIME settings. |
| 6! | Internet Explorer buffer overflow
updated since 24.06.2003
|
| | Buffer overflow on copying HR tag with oversized align to clipboard. |
| 7! | Multiple bugs in Internet Explorer/Outlook Express
updated since 25.04.2003
|
| | New cumulative patch announced. |
| 7! | Multiple Internet Explorer bugs
updated since 05.06.2003
|
| | New cumulativ update fixes buffer overflow and code execution. |
| 6! | Microsoft Internet Explorer code execution
updated since 03.05.2003
|
| | Web Folders feature allows to store file in known location. In conjunction with another weaknesses it makes it possible to save and execute code. |
| | Internet Explorer .mht DoS
|
| | If executable with MZP signature but without actual data is included, NULL pointer reference occurs. |
| 7! | Launichng programs via OBJECT tag and scripting via cookies in Microsoft Internet Explorer
updated since 17.01.2002
|
| | It's possible to launch any installed application using OBJECT tag |
| | Internet Explorer Macromedia Flash crossite scripting
|
| | It's possible to inject script into flash object URL. |
| 6! | Microsoft Internet Explorer PNG integer overflow
|
| | Integer overflow dusing PNG deflate unpacking. |
| 7! | Multiple Microsoft Internet Explorer bugs
updated since 21.11.2002
|
| | New cumulative patch fixes multiple bugs. |
| | Internet Explorer modal dialog style crossite scripting
|
| | By using <IMG width="0" height="0" style="width: expression(alert());">
script may be executed in local zone. |
| 6! | Outlook Express S/MIME buffer voerflow
|
| | Buffer overflow on certificate warning window. |
| | Internet Explorer/Mozilla/Opera local zone script execution via FTP folders
updated since 07.06.2002
|
| | It's possible to script on local securty zone if FTP folder presentation is enabled. |
| | Unauthorized file upload via Internet Explorer
|
| | It's possible to download file in known location or to determine location of cache by using htm files download or Web folders. |
| | Crossite scripting in Microsoft Internet Explorer
|
| | It's possible to get full access to OBJECT's elements. |
| 7! | Six new bugs in Internet Explorer
updated since 16.05.2002
|
| | Crossite scripting, local files disclosure, security zone spoofing, etc. |
| 6! | Special DOS-device access in Microsoft Outlook Express
|
| | It's possible to hang Outlooks Express by using prn: device as a name for bgsound or iframe. It's also possible to send data to special device. |
| 6! | Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer
updated since 20.10.2001
|
| | It's possible to use about:\\ and res:\\ URl to execute javascript in context of any page and local machine. |
| | File existance checking in Microsoft Internet Explorer
updated since 05.11.2001
|
| | It's possible to check file existance with dynsrc property or with file:// URL in conjunction with javascript. |
| 8! | Buffer overflow in mshtml.dll
updated since 13.02.2002
|
| | Stack overflow on long filename or extension in <EMBED> tag. |
| 7! | Несанкционированный доступ через GetObject() в Microsoft Internet Explorer (unauthorized access)
updated since 03.01.2002 |
| | | |
| | Проблемы с MDB-файлам в Internet Explorer (code execution) |
| | | |
| 6! | Проблема с сертификатами в Internet Explorer (certificates spoofing) |
| | | |
| 7! | Доступ к файлам через htmlfile_FullWindowEmbed ActiveX в Internet Explorer(code execution)
updated since 22.11.2001 |
| | | |
| 6! | Проблемы с Secure Password Authentication в Outlook Express (weak encryption) |
| | | |
| | Проблемы с "бесточечными" адресами в Internet Explorer (protection bypass)
updated since 11.10.2001 |
| | | |
| 7! | Большая дырка в Outlook Express (E-mail execution)
updated since 30.03.2001 |
| | | |
| 6! | ОБращение к реестру через IE5.5 (javascript execution) |
| | | |
| | Атака через web-формы (HTML Form Protocol Attack) |
| | | |
| | Проблема с "Избранными" в Internet Explorer (code execution) |
| | | |
| | Доступ к локальным файлам через javasctipt в IE (file access) |
| | | |
| | Проблема с адресной книгой в Outlook Express (address book vulnerability) |
| | | |
| | Дырка в Internet Explorer (cerificate spoofing) |
| | | |
| | Дырка в MS DAC (Internet Publishing Provider) |
| | | |
| | Дырка в Internet Explorer (local variable exposure) |
| | | |
| 6! | Крупные дырки в Internet Explorer (vnd.ms.radio, MSScriptControl.ScriptControl) |
| | | |
| 6! | Проблемы в Internet Explorer (MSDAIPP exchange data access) |
| | | |
| | Заткнуты очередные дsрки в IE (cached content и другие)
updated since 07.03.2001 |
| | | |
| | Переполнение буфера в MSHTML |
| | | |
| | Дырка в Internet Explorer (Media Player ActiveX) |
| | | |
| 7! | Заткнуто 4 дырки в Internet Explorer (Browser Print Template, File Upload via Form, Scriptlet Rendering, Frame Domain Verification)
updated since 02.12.2000 |
| | | |
| | Очередная уязвимость в Internet Explorer (Java Object)
updated since 19.10.2000 |
| | | |
| 7! | Очередная серьезная дырка в Internet Explorer (Microsoft VM ActiveX Component)
updated since 06.10.2000 |
| | | |
| | Еще одна дырка в Internet Explorer |
| | | |
| 6! | Очередная дырка в Internet Explorer/Outlook |
| | | |
| | Очередная уязвимость между фреймами в IE через Web Browser Control ActiveX |
| | | |
| 6! | Проблемы с HTT-фолдерами в Windows
updated since 15.08.2000 |
| | | |
| 6! | Очередная уязвимость IE при работе с объектами Office
updated since 28.06.2000 |
| | | |
| | Очередная дырка в IE - DHTMLED AttiveX |
| | | |
| | |
