Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0878 | 0.18 | — | 0.03 | KEV | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully… | ||
| CVE-2018-0942 | Low | 0.17 | 2.6 | 0.03 | Mar 14, 2018 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone… | ||
| CVE-2016-3291 | Low | 0.17 | 2.4 | 0.13 | Sep 14, 2016 | Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||
| CVE-2020-0968 | 0.15 | — | 0.30 | KEV | Apr 15, 2020 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970. | ||
| CVE-2018-8653 | 0.15 | — | 0.30 | KEV | Dec 20, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is… | ||
| CVE-2019-0676 | 0.14 | — | 0.08 | KEV | Mar 6, 2019 | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'. | ||
| CVE-2021-27085 | 0.12 | — | 0.04 | KEV | Mar 11, 2021 | Internet Explorer Remote Code Execution Vulnerability | ||
| CVE-2019-0768 | 0.10 | — | 0.48 | Apr 9, 2019 | A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'.… | |||
| CVE-2010-3971 | 0.10 | — | 0.82 | Dec 22, 2010 | Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2009-0075 | 0.10 | — | 0.85 | Feb 10, 2009 | Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized… | |||
| CVE-2005-1790 | 0.10 | — | 0.83 | Jun 1, 2005 | Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object… | |||
| CVE-2003-0344 | 0.10 | — | 0.81 | Jun 16, 2003 | Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | |||
| CVE-2018-8631 | 0.09 | — | 0.69 | Dec 12, 2018 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||
| CVE-2015-0072 | 0.09 | — | 0.72 | Feb 7, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that… | |||
| CVE-2014-1762 | 0.09 | — | 0.71 | Apr 27, 2014 | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at… | |||
| CVE-2014-0307 | 0.09 | — | 0.72 | Mar 12, 2014 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption… | |||
| CVE-2011-3389 | 0.09 | — | 0.73 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to… | |||
| CVE-2010-0805 | 0.09 | — | 0.81 | Mar 31, 2010 | The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the… | |||
| CVE-2009-3672 | 0.09 | — | 0.72 | Dec 2, 2009 | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag… | |||
| CVE-2006-1185 | 0.09 | — | 0.70 | Apr 11, 2006 | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. |
- risk 0.18cvss —epss 0.03
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully…
- risk 0.17cvss 2.6epss 0.03
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone…
- risk 0.17cvss 2.4epss 0.13
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
- risk 0.15cvss —epss 0.30
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
- risk 0.15cvss —epss 0.30
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…
- risk 0.14cvss —epss 0.08
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
- risk 0.12cvss —epss 0.04
Internet Explorer Remote Code Execution Vulnerability
- CVE-2019-0768Apr 9, 2019risk 0.10cvss —epss 0.48
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'.…
- CVE-2010-3971Dec 22, 2010risk 0.10cvss —epss 0.82
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service…
- CVE-2009-0075Feb 10, 2009risk 0.10cvss —epss 0.85
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized…
- CVE-2005-1790Jun 1, 2005risk 0.10cvss —epss 0.83
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object…
- CVE-2003-0344Jun 16, 2003risk 0.10cvss —epss 0.81
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
- CVE-2018-8631Dec 12, 2018risk 0.09cvss —epss 0.69
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
- CVE-2015-0072Feb 7, 2015risk 0.09cvss —epss 0.72
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that…
- CVE-2014-1762Apr 27, 2014risk 0.09cvss —epss 0.71
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at…
- CVE-2014-0307Mar 12, 2014risk 0.09cvss —epss 0.72
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption…
- CVE-2011-3389Sep 6, 2011risk 0.09cvss —epss 0.73
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to…
- CVE-2010-0805Mar 31, 2010risk 0.09cvss —epss 0.81
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the…
- CVE-2009-3672Dec 2, 2009risk 0.09cvss —epss 0.72
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag…
- CVE-2006-1185Apr 11, 2006risk 0.09cvss —epss 0.70
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
Page 18 of 87