Ie Security Vulnerabilities and Issues — Ie CVE List

Lucene search

MicrosoftIe

8 matches found

CVE•added 2007/02/26 11:28 p.m.•57 views

CVE-2007-1114

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...

4.3CVSS5.7AI score0.20682EPSS

CVE•added 2007/02/13 10:28 p.m.•48 views

CVE-2007-0217

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

10CVSS7.2AI score0.76216EPSS

CVE•added 2007/02/13 10:28 p.m.•47 views

CVE-2006-4697

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

9.3CVSS7.5AI score0.54438EPSS

CVE•added 2007/02/07 8:0 p.m.•44 views

CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the fi...

7.5CVSS7.3AI score0.18761EPSS

CVE•added 2007/02/13 11:28 p.m.•43 views

CVE-2007-0219

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

10CVSS7.6AI score0.6131EPSS

CVE•added 2007/02/26 11:28 a.m.•43 views

CVE-2007-1091

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

6.8CVSS6.3AI score0.49661EPSS

CVE•added 2007/02/23 3:28 a.m.•37 views

CVE-2006-7030

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

5CVSS7AI score0.30084EPSS

CVE•added 2007/02/07 11:28 a.m.•36 views

CVE-2007-0811

Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementB...

4.3CVSS6.6AI score0.46521EPSS