VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2013-5045Dec 11, 2013
    risk 0.04cvss epss 0.17

    Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

  • CVE-2013-3166Jul 10, 2013
    risk 0.04cvss epss 0.16

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS…

  • CVE-2010-3886Oct 8, 2010
    risk 0.04cvss epss 0.17

    The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about…

  • CVE-2010-1175Mar 29, 2010
    risk 0.04cvss epss 0.14

    Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."

  • CVE-2009-3019Aug 31, 2009
    risk 0.04cvss epss 0.17

    Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute…

  • CVE-2009-2764Aug 14, 2009
    risk 0.04cvss epss 0.11

    Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script…

  • CVE-2009-2350Jul 7, 2009
    risk 0.04cvss epss 0.14

    Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the…

  • CVE-2009-1335Apr 17, 2009
    risk 0.04cvss epss 0.16

    Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.

  • CVE-2009-0369Jan 30, 2009
    risk 0.04cvss epss 0.11

    Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.

  • CVE-2009-0341Jan 29, 2009
    risk 0.04cvss epss 0.16

    The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.

  • CVE-2008-5551Dec 12, 2008
    risk 0.04cvss epss 0.14

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a…

  • CVE-2008-4787Oct 29, 2008
    risk 0.04cvss epss 0.14

    Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related…

  • CVE-2008-2841Jun 24, 2008
    risk 0.04cvss epss 0.15

    Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

  • CVE-2007-5158Oct 1, 2007
    risk 0.04cvss epss 0.15

    The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a…

  • CVE-2007-3406Jun 26, 2007
    risk 0.04cvss epss 0.11

    Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data…

  • CVE-2007-2718May 16, 2007
    risk 0.04cvss epss 0.16

    Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.

  • CVE-2007-0811Feb 7, 2007
    risk 0.04cvss epss 0.17

    Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly…

  • CVE-2006-6310Dec 6, 2006
    risk 0.04cvss epss 0.15

    Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown;…

  • CVE-2006-3944Jul 31, 2006
    risk 0.04cvss epss 0.17

    Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b)…

  • CVE-2006-3943Jul 31, 2006
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

Page 36 of 87