VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2006-3897Jul 27, 2006
    risk 0.05cvss epss 0.27

    Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.

  • CVE-2006-3899Jul 27, 2006
    risk 0.05cvss epss 0.24

    Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside…

  • CVE-2006-3898Jul 27, 2006
    risk 0.05cvss epss 0.24

    Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.

  • CVE-2006-3729Jul 21, 2006
    risk 0.05cvss epss 0.21

    DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer…

  • CVE-2006-3605Jul 18, 2006
    risk 0.05cvss epss 0.24

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.

  • CVE-2006-3591Jul 18, 2006
    risk 0.05cvss epss 0.26

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.

  • CVE-2006-3513Jul 11, 2006
    risk 0.05cvss epss 0.23

    danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.

  • CVE-2006-3511Jul 11, 2006
    risk 0.05cvss epss 0.22

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.

  • CVE-2006-3512Jul 11, 2006
    risk 0.05cvss epss 0.24

    Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.

  • CVE-2006-3471Jul 10, 2006
    risk 0.05cvss epss 0.21

    Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

  • CVE-2006-3427Jul 7, 2006
    risk 0.05cvss epss 0.24

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.

  • CVE-2006-2094Apr 29, 2006
    risk 0.05cvss epss 0.23

    Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows…

  • CVE-2006-1626Apr 5, 2006
    risk 0.05cvss epss 0.25

    Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash…

  • CVE-2006-0544Feb 4, 2006
    risk 0.05cvss epss 0.22

    urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-"…

  • CVE-2004-2383Dec 31, 2004
    risk 0.05cvss epss 0.20

    Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the…

  • CVE-2004-0484Jul 7, 2004
    risk 0.05cvss epss 0.22

    mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table,…

  • CVE-2003-1025Jan 20, 2004
    risk 0.05cvss epss 0.27

    Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL…

  • CVE-2003-0809Nov 17, 2003
    risk 0.05cvss epss 0.27

    Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.

  • CVE-2003-0701Aug 27, 2003
    risk 0.05cvss epss 0.30

    Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.

  • CVE-2003-0446Jul 24, 2003
    risk 0.05cvss epss 0.23

    Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error…

Page 34 of 87