VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2006-3730HigJul 21, 2006
    risk 0.65cvss 8.8epss 0.64

    Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory…

  • CVE-2003-0344Jun 16, 2003
    risk 0.10cvss epss 0.81

    Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

  • CVE-2006-4777Sep 14, 2006
    risk 0.09cvss epss 0.79

    Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations…

  • CVE-2006-1185Apr 11, 2006
    risk 0.09cvss epss 0.70

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

  • CVE-2002-1142Nov 29, 2002
    risk 0.09cvss epss 0.76

    Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

  • CVE-2007-0217Feb 13, 2007
    risk 0.08cvss epss 0.61

    The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

  • CVE-2006-4446Aug 30, 2006
    risk 0.08cvss epss 0.60

    Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large…

  • CVE-2006-1188Apr 11, 2006
    risk 0.08cvss epss 0.57

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

  • CVE-2006-1186Apr 11, 2006
    risk 0.08cvss epss 0.58

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

  • CVE-2006-1359Mar 23, 2006
    risk 0.08cvss epss 0.68

    Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

  • CVE-2006-1245Mar 17, 2006
    risk 0.08cvss epss 0.62

    Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick,…

  • CVE-2005-2087Jul 5, 2005
    risk 0.08cvss epss 0.61

    Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference…

  • CVE-2005-0053May 2, 2005
    risk 0.08cvss epss 0.63

    Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

  • CVE-2004-1050Dec 31, 2004
    risk 0.08cvss epss 0.67

    Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML…

  • CVE-2004-0842Dec 23, 2004
    risk 0.08cvss epss 0.57

    Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as…

  • CVE-2004-0212Aug 6, 2004
    risk 0.08cvss epss 0.67

    Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a…

  • CVE-2007-1765Mar 30, 2007
    risk 0.07cvss epss 0.54

    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and…

  • CVE-2007-0024Jan 9, 2007
    risk 0.07cvss epss 0.46

    Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains…

  • CVE-2006-4193Aug 17, 2006
    risk 0.07cvss epss 0.45

    Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME),…

  • CVE-2006-2766Jun 2, 2006
    risk 0.07cvss epss 0.48

    Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL…

Page 1 of 10