Lucene search

K

23 matches found

cve
cve
added 2006/06/07 4:2 p.m.108 views

CVE-2006-2900

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inse...

4CVSS6.5AI score0.17504EPSS
cve
cve
added 2006/02/18 2:2 a.m.52 views

CVE-2006-0753

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

2.6CVSS6.5AI score0.16941EPSS
cve
cve
added 2006/04/11 11:2 p.m.51 views

CVE-2006-1192

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerabi...

2.6CVSS6.2AI score0.53049EPSS
cve
cve
added 2006/04/11 11:2 p.m.50 views

CVE-2006-1185

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

7.5CVSS7.3AI score0.63986EPSS
cve
cve
added 2006/04/11 11:2 p.m.50 views

CVE-2006-1719

Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.

5CVSS6.6AI score0.19067EPSS
cve
cve
added 2006/09/06 12:4 a.m.50 views

CVE-2006-4560

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the...

7.5CVSS7.2AI score0.22004EPSS
cve
cve
added 2006/07/06 1:5 a.m.49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

5CVSS7AI score0.41065EPSS
cve
cve
added 2006/07/31 11:4 p.m.49 views

CVE-2006-3944

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers ...

5CVSS7.2AI score0.43175EPSS
cve
cve
added 2006/04/11 11:2 p.m.48 views

CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

7.5CVSS7.2AI score0.63986EPSS
cve
cve
added 2006/07/18 3:47 p.m.48 views

CVE-2006-3657

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

5CVSS7.2AI score0.30174EPSS
cve
cve
added 2006/07/18 3:47 p.m.46 views

CVE-2006-3659

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

5CVSS7AI score0.30441EPSS
cve
cve
added 2006/04/11 11:2 p.m.45 views

CVE-2006-1186

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

10CVSS7.5AI score0.7482EPSS
cve
cve
added 2006/01/27 10:3 p.m.44 views

CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims tha...

7.5CVSS6.5AI score0.45819EPSS
cve
cve
added 2006/08/09 12:4 a.m.42 views

CVE-2006-3643

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect C...

6CVSS5.4AI score0.29778EPSS
cve
cve
added 2006/08/08 11:4 p.m.41 views

CVE-2006-3637

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5.1CVSS7.2AI score0.77254EPSS
cve
cve
added 2006/07/31 11:4 p.m.40 views

CVE-2006-3943

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

2.6CVSS7.4AI score0.38257EPSS
cve
cve
added 2006/08/08 11:4 p.m.38 views

CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.64171EPSS
cve
cve
added 2006/11/14 9:7 p.m.38 views

CVE-2006-5884

Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.

7.5CVSS6.9AI score0.86871EPSS
cve
cve
added 2006/02/01 2:0 a.m.37 views

CVE-2005-4679

Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5CVSS6.9AI score0.08028EPSS
cve
cve
added 2006/08/09 12:4 a.m.37 views

CVE-2006-3639

Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulner...

7.5CVSS7AI score0.45068EPSS
cve
cve
added 2006/08/09 12:4 a.m.37 views

CVE-2006-3640

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

5CVSS6.3AI score0.36654EPSS
cve
cve
added 2006/11/14 9:7 p.m.35 views

CVE-2006-4687

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5.1CVSS7.4AI score0.62172EPSS
cve
cve
added 2006/07/18 3:47 p.m.33 views

CVE-2006-3658

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.

5CVSS6.9AI score0.30505EPSS