VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2017-0149HigKEVMar 17, 2017
    risk 0.72cvss 8.8epss 0.29

    Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in…

  • CVE-2014-4123HigKEVOct 15, 2014
    risk 0.72cvss 8.8epss 0.40

    Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.

  • CVE-2017-0210HigKEVApr 12, 2017
    risk 0.71cvss 8.8epss 0.20

    An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege…

  • CVE-2016-0189HigKEVMay 11, 2016
    risk 0.71cvss 7.5epss 0.93

    The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine…

  • CVE-2014-2817HigKEVAug 12, 2014
    risk 0.71cvss 8.8epss 0.26

    Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

  • CVE-2018-8373HigKEVAug 15, 2018
    risk 0.66cvss 7.5epss 0.62

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2016-3213HigJun 16, 2016
    risk 0.66cvss 8.8epss 0.70

    The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an…

  • CVE-2006-3730HigJul 21, 2006
    risk 0.65cvss 8.8epss 0.64

    Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory…

  • CVE-2016-0199HigJun 16, 2016
    risk 0.64cvss 8.8epss 0.51

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and…

  • CVE-2016-0063HigFeb 10, 2016
    risk 0.64cvss 8.8epss 0.42

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…

  • CVE-2013-0090HigMar 13, 2013
    risk 0.63cvss 8.8epss 0.38

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

  • CVE-2009-1547HigOct 14, 2009
    risk 0.63cvss 8.8epss 0.37

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

  • CVE-2016-3351MedKEVSep 14, 2016
    risk 0.62cvss 6.5epss 0.26

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2016-3324HigSep 14, 2016
    risk 0.62cvss 8.8epss 0.28

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-4135HigJun 16, 2016
    risk 0.62cvss 8.8epss 0.17

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2013-7331MedKEVFeb 26, 2014
    risk 0.62cvss 6.5epss 0.58

    The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and…

  • CVE-2016-3211HigJun 16, 2016
    risk 0.60cvss 8.8epss 0.32

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and…

  • CVE-2016-0041HigFeb 10, 2016
    risk 0.60cvss 7.8epss 0.84

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a…

  • CVE-2013-0022CriFeb 13, 2013
    risk 0.60cvss 9.0epss 0.17

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."

  • CVE-2012-4787CriDec 12, 2012
    risk 0.60cvss 9.0epss 0.18

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free…

Page 2 of 87