A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
3.53%
Published
2006-05-01
Updated
2018-10-18
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
Max CVSS
9.3
EPSS Score
72.27%
Published
2007-06-12
Updated
2021-07-23
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
Max CVSS
9.3
EPSS Score
80.03%
Published
2007-06-12
Updated
2018-10-16
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
Max CVSS
9.3
EPSS Score
79.70%
Published
2007-06-12
Updated
2018-10-16
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
Max CVSS
4.3
EPSS Score
95.55%
Published
2007-03-17
Updated
2018-10-16
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
Max CVSS
9.3
EPSS Score
94.58%
Published
2007-03-24
Updated
2018-10-16
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
Max CVSS
9.3
EPSS Score
80.03%
Published
2007-06-12
Updated
2021-07-23
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
96.09%
Published
2007-06-12
Updated
2022-02-28
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
Max CVSS
9.3
EPSS Score
95.63%
Published
2007-06-12
Updated
2018-10-16
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
Max CVSS
9.3
EPSS Score
80.92%
Published
2007-06-12
Updated
2018-10-16
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
Max CVSS
9.3
EPSS Score
96.12%
Published
2007-06-12
Updated
2021-07-23
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
6.23%
Published
2007-06-12
Updated
2018-10-16
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
10.03%
Published
2007-06-12
Updated
2018-10-16
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-06-12
Updated
2018-10-16
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
Max CVSS
9.3
EPSS Score
72.79%
Published
2007-06-12
Updated
2021-07-23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!