Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicrosoftInternet Explorer

1635 matches found

CVE
CVEadded 2016/03/09 11:59 a.m.45 views

CVE-2016-0107

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, an...

7.6CVSS7.7AI score0.44978EPSS
CVE
CVEadded 2016/09/14 10:59 a.m.45 views

CVE-2016-3291

Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

2.6CVSS4.7AI score0.05161EPSS
CVE
CVEadded 2001/09/12 4:0 a.m.44 views

CVE-1999-1453

Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

2.6CVSS6.9AI score0.43372EPSS
CVE
CVEadded 2005/04/21 4:0 a.m.44 views

CVE-1999-1577

Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.

5.1CVSS8.3AI score0.30693EPSS
CVE
CVEadded 2001/06/02 4:0 a.m.44 views

CVE-2001-0149

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

5CVSS7.4AI score0.43558EPSS
CVE
CVEadded 2001/06/27 4:0 a.m.44 views

CVE-2001-0332

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and Get...

5CVSS6.5AI score0.18085EPSS
CVE
CVEadded 2005/06/28 4:0 a.m.44 views

CVE-2002-1984

Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".

5CVSS7AI score0.13481EPSS
CVE
CVEadded 2003/05/12 4:0 a.m.44 views

CVE-2003-0114

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.

5CVSS7.5AI score0.30354EPSS
CVE
CVEadded 2003/07/24 4:0 a.m.44 views

CVE-2003-0447

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.

5.1CVSS7.3AI score0.27197EPSS
CVE
CVEadded 2003/08/27 4:0 a.m.44 views

CVE-2003-0530

Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.

7.5CVSS8.1AI score0.23688EPSS
CVE
CVEadded 2004/01/20 5:0 a.m.44 views

CVE-2003-1027

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerab...

10CVSS7.5AI score0.60933EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.44 views

CVE-2003-1328

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

7.5CVSS7.9AI score0.43563EPSS
CVE
CVEadded 2004/07/27 4:0 a.m.44 views

CVE-2004-0566

Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.

7.5CVSS8AI score0.57434EPSS
CVE
CVEadded 2004/07/27 4:0 a.m.44 views

CVE-2004-0719

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnera...

7.5CVSS6.7AI score0.15583EPSS
CVE
CVEadded 2007/02/07 8:0 p.m.44 views

CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the fi...

7.5CVSS7.3AI score0.18761EPSS
CVE
CVEadded 2006/01/27 10:3 p.m.44 views

CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims tha...

7.5CVSS6.5AI score0.45819EPSS
CVE
CVEadded 2006/10/05 4:4 a.m.44 views

CVE-2006-5162

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

5CVSS6.9AI score0.12413EPSS
CVE
CVEadded 2007/08/14 10:17 p.m.44 views

CVE-2007-1749

Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

9.3CVSS7.5AI score0.7827EPSS
CVE
CVEadded 2007/04/26 8:19 p.m.44 views

CVE-2007-2291

CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.

7.5CVSS6.9AI score0.38315EPSS
CVE
CVEadded 2007/06/06 9:30 p.m.44 views

CVE-2007-3092

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.

9.3CVSS6.7AI score0.05358EPSS
CVE
CVEadded 2007/06/29 6:30 p.m.44 views

CVE-2007-3493

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product...

7.5CVSS6.7AI score0.43023EPSS
CVE
CVEadded 2007/06/29 6:30 p.m.44 views

CVE-2007-3497

Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.

5CVSS6.5AI score0.33486EPSS
CVE
CVEadded 2007/07/03 9:30 p.m.44 views

CVE-2007-3550

Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification D...

7.8CVSS6.8AI score0.27363EPSS
CVE
CVEadded 2008/02/12 11:0 p.m.44 views

CVE-2008-0076

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

9.3CVSS8.8AI score0.4845EPSS
CVE
CVEadded 2008/02/12 11:0 p.m.44 views

CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

9.3CVSS8.7AI score0.51546EPSS
CVE
CVEadded 2008/12/10 2:0 p.m.44 views

CVE-2008-4259

Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruptio...

9.3CVSS7.2AI score0.55104EPSS
CVE
CVEadded 2009/08/03 2:30 p.m.44 views

CVE-2009-2655

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second a...

4.3CVSS6.6AI score0.39181EPSS
CVE
CVEadded 2020/03/13 3:15 p.m.44 views

CVE-2009-5159

Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

6.1CVSS5.9AI score0.00773EPSS
CVE
CVEadded 2010/12/16 7:33 p.m.44 views

CVE-2010-3342

Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than ...

4.3CVSS6.3AI score0.28842EPSS
CVE
CVEadded 2011/12/07 7:55 p.m.44 views

CVE-2010-5071

The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5CVSS6.2AI score0.10857EPSS
CVE
CVEadded 2011/12/14 12:55 a.m.44 views

CVE-2011-1992

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

4.3CVSS5.6AI score0.20441EPSS
CVE
CVEadded 2011/10/12 2:52 a.m.44 views

CVE-2011-2000

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."

9.3CVSS8AI score0.37675EPSS
CVE
CVEadded 2012/12/12 12:55 a.m.44 views

CVE-2012-4782

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."

9.3CVSS7.5AI score0.47929EPSS
CVE
CVEadded 2013/02/13 12:4 p.m.44 views

CVE-2013-0030

The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.29864EPSS
CVE
CVEadded 2013/06/12 3:30 a.m.44 views

CVE-2013-3126

Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."

9.3CVSS7.5AI score0.10842EPSS
CVE
CVEadded 2013/08/14 11:10 a.m.44 views

CVE-2013-3188

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189.

9.3CVSS7.6AI score0.2624EPSS
CVE
CVEadded 2013/11/13 12:55 a.m.44 views

CVE-2013-3915

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917.

9.3CVSS7.6AI score0.30587EPSS
CVE
CVEadded 2014/06/11 4:56 a.m.44 views

CVE-2014-1789

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1790.

9.3CVSS7.7AI score0.64235EPSS
CVE
CVEadded 2014/06/11 4:56 a.m.44 views

CVE-2014-1794

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1797, CVE-2...

9.3CVSS7.5AI score0.54354EPSS
CVE
CVEadded 2014/06/11 4:56 a.m.44 views

CVE-2014-2763

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2...

9.3CVSS7.5AI score0.54354EPSS
CVE
CVEadded 2014/07/08 10:55 p.m.44 views

CVE-2014-2800

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809.

9.3CVSS7.6AI score0.1631EPSS
CVE
CVEadded 2014/09/10 1:55 a.m.44 views

CVE-2014-4101

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4096.

9.3CVSS7.6AI score0.16326EPSS
CVE
CVEadded 2014/10/15 10:55 a.m.44 views

CVE-2014-4129

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.21464EPSS
CVE
CVEadded 2015/06/10 1:59 a.m.44 views

CVE-2015-1753

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015...

9.3CVSS7.6AI score0.29545EPSS
CVE
CVEadded 2015/08/14 10:59 a.m.44 views

CVE-2015-2443

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.1631EPSS
CVE
CVEadded 2015/11/11 11:59 a.m.44 views

CVE-2015-6069

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6081.

9.3CVSS7.6AI score0.28139EPSS
CVE
CVEadded 2015/11/11 12:59 p.m.44 views

CVE-2015-6074

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CV...

9.3CVSS7.6AI score0.34114EPSS
CVE
CVEadded 2015/11/11 12:59 p.m.44 views

CVE-2015-6080

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-607...

9.3CVSS7.5AI score0.28139EPSS
CVE
CVEadded 2015/11/11 12:59 p.m.44 views

CVE-2015-6084

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6064 and CVE-2015-6085.

9.3CVSS7.6AI score0.32615EPSS
CVE
CVEadded 2015/12/09 11:59 a.m.44 views

CVE-2015-6148

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6156.

9.3CVSS7.5AI score0.28139EPSS
Total number of security vulnerabilities1635