Ie Security Vulnerabilities and Issues — Ie CVE List

Lucene search

MicrosoftIe

8 matches found

CVE•added 2009/04/15 8:0 a.m.•91 views

CVE-2009-0550

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vi...

9.3CVSS6.9AI score0.34824EPSS

CVE•added 2009/07/22 6:30 p.m.•75 views

CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affe...

5CVSS6.4AI score0.30084EPSS

CVE•added 2009/06/15 7:30 p.m.•67 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampe...

5.8CVSS7.1AI score0.11952EPSS

CVE•added 2009/12/09 6:30 p.m.•63 views

CVE-2009-3671

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diff...

9.3CVSS7.2AI score0.61042EPSS

CVE•added 2009/04/15 8:0 a.m.•62 views

CVE-2009-0552

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2)...

9.3CVSS7.5AI score0.53437EPSS

CVE•added 2009/07/10 9:0 p.m.•52 views

CVE-2009-2433

Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.

4.3CVSS7.8AI score0.18729EPSS

CVE•added 2009/06/15 7:30 p.m.•50 views

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, ...

5.8CVSS6.5AI score0.02947EPSS

CVE•added 2009/10/14 10:30 a.m.•46 views

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

9.3CVSS7.2AI score0.26343EPSS