VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2009-2433Jul 10, 2009
    risk 0.05cvss epss 0.19

    Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.

  • CVE-2008-2281May 18, 2008
    risk 0.05cvss epss 0.23

    Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences,…

  • CVE-2007-1499Mar 17, 2007
    risk 0.05cvss epss 0.30

    Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation…

  • CVE-2006-7065Mar 2, 2007
    risk 0.05cvss epss 0.20

    Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

  • CVE-2006-4495Aug 31, 2006
    risk 0.05cvss epss 0.20

    Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

  • CVE-2006-4219Aug 18, 2006
    risk 0.05cvss epss 0.21

    The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

  • CVE-2006-3513Jul 11, 2006
    risk 0.05cvss epss 0.23

    danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.

  • CVE-2006-3471Jul 10, 2006
    risk 0.05cvss epss 0.21

    Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

  • CVE-2006-2094Apr 29, 2006
    risk 0.05cvss epss 0.23

    Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows…

  • CVE-2006-0544Feb 4, 2006
    risk 0.05cvss epss 0.22

    urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-"…

  • CVE-2004-2383Dec 31, 2004
    risk 0.05cvss epss 0.20

    Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the…

  • CVE-2004-0479Jul 7, 2004
    risk 0.05cvss epss 0.26

    Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.

  • CVE-2003-0809Nov 17, 2003
    risk 0.05cvss epss 0.27

    Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.

  • CVE-2003-0701Aug 27, 2003
    risk 0.05cvss epss 0.28

    Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.

  • CVE-2002-1714Dec 31, 2002
    risk 0.05cvss epss 0.19

    Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.

  • CVE-2000-0028Dec 23, 1999
    risk 0.05cvss epss 0.23

    Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

  • CVE-2007-0811Feb 7, 2007
    risk 0.04cvss epss 0.17

    Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly…

  • CVE-2007-0356Jan 19, 2007
    risk 0.04cvss epss 0.17

    The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

  • CVE-2006-6659Dec 20, 2006
    risk 0.04cvss epss 0.16

    The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

  • CVE-2006-3943Jul 31, 2006
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

Page 3 of 10