VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2008-0076Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

  • CVE-2008-0078Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

  • CVE-2007-5344Dec 12, 2007
    risk 0.02cvss epss 0.27

    Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or…

  • CVE-2007-5347Dec 12, 2007
    risk 0.02cvss epss 0.28

    Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."

  • CVE-2007-0943Aug 14, 2007
    risk 0.02cvss epss 0.27

    Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.

  • CVE-2007-3550Jul 3, 2007
    risk 0.02cvss epss 0.28

    Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone…

  • CVE-2007-1091Feb 26, 2007
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

  • CVE-2006-4697Feb 13, 2007
    risk 0.02cvss epss 0.31

    Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

  • CVE-2006-5578Dec 12, 2006
    risk 0.02cvss epss 0.21

    Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different…

  • CVE-2006-5577Dec 12, 2006
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a…

  • CVE-2006-4687Nov 14, 2006
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

  • CVE-2006-5544Oct 26, 2006
    risk 0.02cvss epss 0.20

    Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.

  • CVE-2006-3873Sep 12, 2006
    risk 0.02cvss epss 0.29

    Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded…

  • CVE-2006-3640Aug 9, 2006
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

  • CVE-2006-3643Aug 9, 2006
    risk 0.02cvss epss 0.20

    Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands,…

  • CVE-2006-2385Jun 13, 2006
    risk 0.02cvss epss 0.20

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.

  • CVE-2006-0057Jan 27, 2006
    risk 0.02cvss epss 0.20

    Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting.…

  • CVE-2005-2831Dec 14, 2005
    risk 0.02cvss epss 0.30

    Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet…

  • CVE-2005-4089Dec 8, 2005
    risk 0.02cvss epss 0.22

    Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using…

  • CVE-2005-0054May 2, 2005
    risk 0.02cvss epss 0.24

    Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname,…

Page 6 of 10