VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2006-5884Nov 14, 2006
    risk 0.01cvss epss 0.07

    Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and…

  • CVE-2006-5152Oct 5, 2006
    risk 0.01cvss epss 0.11

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.

  • CVE-2006-4888Sep 19, 2006
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

  • CVE-2006-3658Jul 18, 2006
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.

  • CVE-2006-3657Jul 18, 2006
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

  • CVE-2006-3659Jul 18, 2006
    risk 0.01cvss epss 0.15

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

  • CVE-2006-3545Jul 13, 2006
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet…

  • CVE-2006-3227Jun 26, 2006
    risk 0.01cvss epss 0.14

    Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with…

  • CVE-2006-3200Jun 23, 2006
    risk 0.01cvss epss 0.16

    Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue.

  • CVE-2006-2056Apr 26, 2006
    risk 0.01cvss epss 0.13

    Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook…

  • CVE-2006-0830Feb 21, 2006
    risk 0.01cvss epss 0.14

    The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as…

  • CVE-2006-0799Feb 19, 2006
    risk 0.01cvss epss 0.08

    Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that…

  • CVE-2006-0753Feb 18, 2006
    risk 0.01cvss epss 0.12

    Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

  • CVE-2006-0585Feb 8, 2006
    risk 0.01cvss epss 0.15

    jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function,…

  • CVE-2005-4810Dec 31, 2005
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

  • CVE-2005-4844Dec 31, 2005
    risk 0.01cvss epss 0.12

    The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

  • CVE-2005-4843Dec 31, 2005
    risk 0.01cvss epss 0.11

    The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

  • CVE-2005-4842Dec 31, 2005
    risk 0.01cvss epss 0.09

    The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

  • CVE-2005-4827Dec 31, 2005
    risk 0.01cvss epss 0.11

    Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return…

  • CVE-2005-4841Dec 31, 2005
    risk 0.01cvss epss 0.09

    The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Page 76 of 87