VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2007-1765Mar 30, 2007
    risk 0.07cvss epss 0.54

    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and…

  • CVE-2007-0024Jan 9, 2007
    risk 0.07cvss epss 0.46

    Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains…

  • CVE-2006-4193Aug 17, 2006
    risk 0.07cvss epss 0.45

    Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME),…

  • CVE-2006-3280Jun 28, 2006
    risk 0.07cvss epss 0.56

    Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that…

  • CVE-2006-3281Jun 28, 2006
    risk 0.07cvss epss 0.48

    Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the…

  • CVE-2006-2766Jun 2, 2006
    risk 0.07cvss epss 0.48

    Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL…

  • CVE-2006-1388Mar 24, 2006
    risk 0.07cvss epss 0.55

    Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

  • CVE-2005-1990Aug 10, 2005
    risk 0.07cvss epss 0.49

    Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2)…

  • CVE-2005-1989Aug 10, 2005
    risk 0.07cvss epss 0.46

    Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".

  • CVE-2005-1988Aug 10, 2005
    risk 0.07cvss epss 0.46

    Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

  • CVE-2005-0553May 2, 2005
    risk 0.07cvss epss 0.51

    Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".

  • CVE-2004-1043Dec 31, 2004
    risk 0.07cvss epss 0.45

    Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript…

  • CVE-2004-0841Dec 23, 2004
    risk 0.07cvss epss 0.49

    Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

  • CVE-2004-0214Nov 3, 2004
    risk 0.07cvss epss 0.51

    Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated…

  • CVE-2003-1041Jun 14, 2004
    risk 0.07cvss epss 0.53

    Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm…

  • CVE-2003-0816Feb 3, 2004
    risk 0.07cvss epss 0.48

    Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript,…

  • CVE-2001-1410Aug 18, 2003
    risk 0.07cvss epss 0.51

    Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.

  • CVE-2003-0309Jun 9, 2003
    risk 0.07cvss epss 0.50

    Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which…

  • CVE-2002-1254Dec 11, 2002
    risk 0.07cvss epss 0.51

    Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

  • CVE-2002-1217Oct 28, 2002
    risk 0.07cvss epss 0.47

    Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses…

Page 21 of 87