Internet Explorer Security Vulnerabilities
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
8AI Score
0.924EPSS
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
8.1AI Score
0.921EPSS
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
8AI Score
0.921EPSS
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
8.1AI Score
0.921EPSS
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
7.7AI Score
0.91EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
7.5AI Score
0.78EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
7.5AI Score
0.78EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
7.5AI Score
0.78EPSS
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
6.9AI Score
0.01EPSS
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafte...
5.2AI Score
0.948EPSS
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
5.6AI Score
0.005EPSS
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."
5.6AI Score
0.009EPSS
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
8AI Score
0.921EPSS
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
8.1AI Score
0.971EPSS
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnera...
8.1AI Score
0.971EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
8.1AI Score
0.915EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
8AI Score
0.915EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."
8.1AI Score
0.915EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
8AI Score
0.915EPSS
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
8.1AI Score
0.915EPSS
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."
6.3AI Score
0.008EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."
8.1AI Score
0.867EPSS
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
8.1AI Score
0.867EPSS
Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
8.2AI Score
0.854EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
7.4AI Score
0.78EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
7.4AI Score
0.734EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
7.4AI Score
0.734EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
7.5AI Score
0.78EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
7.5AI Score
0.887EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
7.5AI Score
0.887EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
7.4AI Score
0.887EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wi...
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \127....
5.9AI Score
0.015EPSS
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vul...
6.2AI Score
0.178EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."
7.4AI Score
0.879EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
7.4AI Score
0.935EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
7.4AI Score
0.879EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
7.4AI Score
0.919EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
7.5AI Score
0.834EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
7.5AI Score
0.879EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
7.5AI Score
0.879EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
7.3AI Score
0.973EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
7.4AI Score
0.834EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
7.4AI Score
0.834EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability."
7.4AI Score
0.879EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
7.4AI Score
0.879EPSS
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
7.5AI Score
0.799EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
7.4AI Score
0.924EPSS
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."
7.4AI Score
0.936EPSS