1635 matches found
CVE-2006-3591
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
CVE-2007-2216
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFil...
CVE-2007-4478
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with...
CVE-2008-3477
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-bas...
CVE-2009-2064
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe th...
CVE-2009-2433
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
CVE-2009-2764
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
CVE-2009-4073
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
CVE-2010-1489
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
CVE-2011-2382
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated...
CVE-2014-1762
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.
CVE-2014-1778
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777.
CVE-2014-1815
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-...
CVE-2014-2760
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...
CVE-2014-2786
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813.
CVE-2014-2801
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-4095
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101.
CVE-2014-6330
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-6339
Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2014-8967
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference co...
CVE-2015-0037
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066.
CVE-2015-1661
Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2015-1694
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1710.
CVE-2015-1704
Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703.
CVE-2015-1709
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2015-6052
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
CVE-2015-6064
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6084 and CVE-2015-6085.
CVE-2015-6082
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-607...
CVE-2015-6162
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6152.
CVE-2016-0067
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, an...
CVE-2016-3241
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3242.
CVE-2016-3261
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-1999-0469
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
CVE-1999-1578
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
CVE-2000-0028
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVE-2003-0115
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...
CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as d...
CVE-2005-2831
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of t...
CVE-2006-1192
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerabi...
CVE-2008-1545
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encod...
CVE-2008-5553
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has report...
CVE-2009-0553
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1)...
CVE-2009-1531
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reorder...
CVE-2009-2069
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, ...
CVE-2009-2531
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...
CVE-2010-0491
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-2560
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability....
CVE-2010-3327
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnera...
CVE-2010-3330
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."