Product Key Explorer version 4.2.0.0 suffers from a Key denial of service vulnerability.
9bbf0f88fcc147555aafba4f4e7f1811Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.
115854b44c0ecde1869f05b2c8d44fc5The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
c360b436f312000c4cb2ecb69ece4dd6Secunia Security Advisory - Four vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
987c430c1ea0bf27a7d064a664276a63This Metasploit module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code.
779949c97029d653dbfeebf52387ec06Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
a0d1c207cb55892da09387080f48352aThe *toStaticHTML* component, which is found in Internet Explorer versions greater than 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content. An attacker is able to create a specially formed CSS that will overcome * toStaticHTML*'s security logic; therefore, after passing the specially crafted CSS string through the *toStaticHTML* function, it will contain an expression that triggers a JavaScript call.
ad76cc4f504fecd5c463709842fcb510Secunia Security Advisory - Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
1c50066f5e498a55bbc886960e14c129Secunia Security Advisory - NGS Secure has reported a vulnerability in the Graph Explorer component for Nagios XI, which can be exploited by malicious people to compromise a vulnerable system.
7e4e80ff45f6e27399d37d7b28142464There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.
9010e4009599ecb23e4c8ad1ffbd2957Technical Cyber Security Alert 2012-174A - Microsoft Security Advisory (2719615) warns of active attacks using a vulnerability in Microsoft XML Core Services. Microsoft Internet Explorer and Microsoft Office can be used as attack vectors.
e0fdec3f2a778e9ba75f1144d0d64c3eVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
d6f32f221551f0216f61f02dec616d81VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
5d685afe090b871b105dae365a1de47bVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
beff56c5b350a41521763a35c83c6ac2This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.
bfb23efabe40ee9a695408e08e52ae8eCode Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.
aecdddb2a5a1025b08e025ff7798ffafCode Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.
bd95491c06843df2fbded9d5fca6e4e3Zero Day Initiative Advisory 12-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. This can lead to remote code execution under the context of the current program.
efdcc8810ffb00c0629532f716357265Secunia Security Advisory - Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
a5b990c9afbe454c589443b27b9f0428This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well known msvcr71.dll rop chain. The dll is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.
3e7aa29056921982fd5564fee15bd5aaThis Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.
d3c565f4318547e83002b8fd42f13934Secunia Security Advisory - Walied Assar has discovered a vulnerability in PE Explorer, which can be exploited by malicious people to compromise a user's system.
854479d33c329b3c2721c7d528efb2ebPE Explorer version 1.99 R56 suffers from a heap overflow vulnerability.
de77c8df75d41f666d559049cd32e1b4VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
430a418df374f4f687210e3faa479f35Radiography is a forensic tool which grabs as much information as possible from a Windows system. It checks registry keys related to start up processes, registry keys with Internet Explorer settings, host file contents, taskScheduler tasks, loaded system drivers, uses WinUnhide to catch hidden processes, and does much more.
3b250869fc03d623c0391fb2eb009c78Technical Cyber Security Alert 2012-101A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.
012a55eecbf0aa3febb5ac96e10846ea
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed