VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2006-1245Mar 17, 2006
    risk 0.08cvss epss 0.62

    Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick,…

  • CVE-2006-1016Mar 7, 2006
    risk 0.08cvss epss 0.67

    Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

  • CVE-2005-2127Aug 19, 2005
    risk 0.08cvss epss 0.64

    Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet…

  • CVE-2005-2087Jul 5, 2005
    risk 0.08cvss epss 0.61

    Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference…

  • CVE-2005-0554May 2, 2005
    risk 0.08cvss epss 0.58

    Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."

  • CVE-2005-0053May 2, 2005
    risk 0.08cvss epss 0.63

    Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

  • CVE-2005-0555Apr 12, 2005
    risk 0.08cvss epss 0.58

    Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."

  • CVE-2004-1050Dec 31, 2004
    risk 0.08cvss epss 0.67

    Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML…

  • CVE-2004-0842Dec 23, 2004
    risk 0.08cvss epss 0.57

    Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as…

  • CVE-2004-0549Aug 6, 2004
    risk 0.08cvss epss 0.61

    The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code…

  • CVE-2004-0380May 4, 2004
    risk 0.08cvss epss 0.63

    The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the…

  • CVE-2019-0667Apr 8, 2019
    risk 0.07cvss epss 0.31

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.

  • CVE-2018-8552Nov 14, 2018
    risk 0.07cvss epss 0.51

    An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This…

  • CVE-2014-0282Jun 11, 2014
    risk 0.07cvss epss 0.47

    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775,…

  • CVE-2013-0025Feb 13, 2013
    risk 0.07cvss epss 0.56

    Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."

  • CVE-2008-3013Sep 11, 2008
    risk 0.07cvss epss 0.52

    gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital…

  • CVE-2007-5348Sep 11, 2008
    risk 0.07cvss epss 0.53

    Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8,…

  • CVE-2007-3896Oct 11, 2007
    risk 0.07cvss epss 0.54

    The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC,…

  • CVE-2007-4790Sep 10, 2007
    risk 0.07cvss epss 0.55

    Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a…

  • CVE-2007-3111Jun 7, 2007
    risk 0.07cvss epss 0.47

    Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.

Page 20 of 87