VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2020-0878KEVSep 11, 2020
    risk 0.18cvss epss 0.03

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully…

  • CVE-2018-0942LowMar 14, 2018
    risk 0.17cvss 2.6epss 0.03

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone…

  • CVE-2016-3291LowSep 14, 2016
    risk 0.17cvss 2.4epss 0.13

    Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2020-0968KEVApr 15, 2020
    risk 0.15cvss epss 0.30

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.

  • CVE-2018-8653KEVDec 20, 2018
    risk 0.15cvss epss 0.30

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2019-0676KEVMar 6, 2019
    risk 0.14cvss epss 0.08

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.

  • CVE-2021-27085KEVMar 11, 2021
    risk 0.12cvss epss 0.04

    Internet Explorer Remote Code Execution Vulnerability

  • CVE-2019-0768Apr 9, 2019
    risk 0.10cvss epss 0.48

    A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'.…

  • CVE-2010-3971Dec 22, 2010
    risk 0.10cvss epss 0.82

    Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-0075Feb 10, 2009
    risk 0.10cvss epss 0.85

    Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized…

  • CVE-2005-1790Jun 1, 2005
    risk 0.10cvss epss 0.83

    Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object…

  • CVE-2003-0344Jun 16, 2003
    risk 0.10cvss epss 0.81

    Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

  • CVE-2018-8631Dec 12, 2018
    risk 0.09cvss epss 0.69

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

  • CVE-2015-0072Feb 7, 2015
    risk 0.09cvss epss 0.72

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that…

  • CVE-2014-1762Apr 27, 2014
    risk 0.09cvss epss 0.71

    Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at…

  • CVE-2014-0307Mar 12, 2014
    risk 0.09cvss epss 0.72

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption…

  • CVE-2011-3389Sep 6, 2011
    risk 0.09cvss epss 0.73

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to…

  • CVE-2010-0805Mar 31, 2010
    risk 0.09cvss epss 0.81

    The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the…

  • CVE-2009-3672Dec 2, 2009
    risk 0.09cvss epss 0.72

    Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag…

  • CVE-2006-1185Apr 11, 2006
    risk 0.09cvss epss 0.70

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

Page 18 of 87