VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2007-5277 (Oct 8, 2007)
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on…

  • CVE-2007-4848 (Sep 12, 2007)
    risk 0.01 | cvss | epss 0.07

    Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or…

  • CVE-2007-4478 (Aug 22, 2007)
    risk 0.01 | cvss | epss 0.11

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the…

  • CVE-2007-4227 (Aug 8, 2007)
    risk 0.01 | cvss | epss 0.13

    Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.

  • CVE-2007-4042 (Jul 27, 2007)
    risk 0.01 | cvss | epss 0.10

    Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

  • CVE-2007-3954 (Jul 24, 2007)
    risk 0.01 | cvss | epss 0.07

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto…

  • CVE-2007-3924 (Jul 21, 2007)
    risk 0.01 | cvss | epss 0.14

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome…

  • CVE-2007-3576 (Jul 5, 2007)
    risk 0.01 | cvss | epss 0.13

    Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more…

  • CVE-2007-3497 (Jun 29, 2007)
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.

  • CVE-2007-3481 (Jun 28, 2007)
    risk 0.01 | cvss | epss 0.16

    Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.…

  • CVE-2007-3341 (Jun 21, 2007)
    risk 0.01 | cvss | epss 0.11

    Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.

  • CVE-2007-3164 (Jun 11, 2007)
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform…

  • CVE-2007-3075 (Jun 6, 2007)
    risk 0.01 | cvss | epss 0.16

    Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.

  • CVE-2007-2292 (Apr 26, 2007)
    risk 0.01 | cvss | epss 0.13

    CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

  • CVE-2007-2161 (Apr 22, 2007)
    risk 0.01 | cvss | epss 0.12

    Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

  • CVE-2007-1114 (Feb 26, 2007)
    risk 0.01 | cvss | epss 0.12

    The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the…

  • CVE-2007-1094 (Feb 26, 2007)
    risk 0.01 | cvss | epss 0.18

    Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

  • CVE-2006-7029 (Feb 23, 2007)
    risk 0.01 | cvss | epss 0.13

    Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.

  • CVE-2006-7030 (Feb 23, 2007)
    risk 0.01 | cvss | epss 0.16

    Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

  • CVE-2006-6956 (Jan 29, 2007)
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
