Lucene search
K
MicrosoftInternet Explorer*

30 matches found

CVE
CVE
added 2017/11/15 3:0 a.m.124 views

CVE-2017-11843

CVE-2017-11843 affects ChakraCore and Microsoft Edge; described as a memory-corruption vulnerability in the scripting engine that lets an attacker gain the current user’s rights by manipulating in-memory objects. GHSA advisories indicate impact on Windows 10 (versions 1703 and 1709) and Windows S...

7.6CVSS7.5AI score0.08474EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.120 views

CVE-2017-11791

CVE-2017-11791 is described in the provided documents as an information-disclosure vulnerability affecting the scripting engine in ChakraCore/Internet Explorer. The vulnerability arises from how objects are handled in memory and is reported for Internet Explorer and ChakraCore components on Windo...

3.1CVSS4.7AI score0.05487EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.118 views

CVE-2017-8741

CVE-2017-8741 affects Internet Explorer/Edge rendering engines in Windows platforms; the vulnerability arises from how scripting engines render objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The Nessus-derived details describe a remote-code-e...

7.6CVSS7.2AI score0.11923EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.115 views

CVE-2017-11837

CVE-2017-11837 affects ChakraCore/Edge scripting engine memory handling. Root cause: memory corruption when manipulating JavaScript objects in memory, enabling an attacker to execute code with the current user’s privileges. Affected products include ChakraCore and Microsoft Edge on Windows 10 (17...

7.6CVSS7.5AI score0.08546EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.110 views

CVE-2017-11846

CVE-2017-11846 affects ChakraCore and Edge/IE scripting engine in Windows 7 SP1, Windows Server 2008/2008 R2, 8.1, 10 (various builds), and Windows Server 2012/2012 R2, with memory handling in the scripting engine leading to memory corruption. The vulnerability could allow an attacker to execute ...

7.5CVSS7.5AI score0.07701EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.104 views

CVE-2017-11858

CVE-2017-11858 is related to ChakraCore/Edge memory corruption via the scripting engine, enabling a user-rights gain by manipulating in-memory objects. Affected components include ChakraCore and Microsoft Edge on Windows 10 versions 1703/1709 and Windows Server equivalents, tied to how memory obj...

7.6CVSS7.6AI score0.08358EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.96 views

CVE-2017-8748

CVE-2017-8748 is a remote code execution vulnerability in Internet Explorer (and IE components in Edge) caused by how the browser’s JavaScript engines render in-memory objects. The issue affects multiple Windows versions listed in the CVE and is described in the September 2017 IE security updates...

7.6CVSS7.2AI score0.11771EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.91 views

CVE-2017-11838

CVE-2017-11838 affects ChakraCore and Microsoft Edge in Windows environments (various versions listed in the initial entry). The vulnerability arises from how the scripting engine handles objects in memory, leading to memory corruption that could allow an attacker to execute code with the same us...

7.6CVSS7.5AI score0.08546EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.88 views

CVE-2008-0454

The CVE-2008-0454 entry concerns Skype on Windows where cross-zone scripting is possible through the Internet Explorer web control. Specifically, in Skype 3.6.0.244 (and earlier 3.5.x/3.6.x), a user-assisted attacker could inject arbitrary web script/HTML in the Local Machine Zone via the Title f...

9.3CVSS6.2AI score0.25198EPSS
CVE
CVE
added 2008/11/12 11:0 p.m.85 views

CVE-2008-4029

CVE-2008-4029 relates to a cross-domain scripting vulnerability in Microsoft XML Core Services 3.0/4.0 (MSXML) used by Internet Explorer. The issue stems from improper error checking for external DTDs in XML documents, enabling a crafted XML to leak information to another domain. Microsoft MS08-0...

4.3CVSS5.5AI score0.26737EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.81 views

CVE-2008-7295

CVE-2008-7295 : Affects Microsoft Internet Explorer by failing to properly restrict modifications to cookies set over HTTPS, allowing a man-in-the-middle attacker to overwrite or delete cookies via a Set-Cookie header in an HTTP response. Root cause cited as lack of HTTP Strict Transport Security...

5.8CVSS6.6AI score0.05105EPSS
CVE
CVE
added 2004/06/15 4:0 a.m.73 views

CVE-2004-0549

The CVE-2004-0549 vulnerability is a cross-domain navigation/redirect issue in the Internet Explorer rendering stack (WebBrowser ActiveX or MSHTML) used by IE6 and other IE-enabled components. A remote attacker could abuse navigation via delayed HTTP redirects (or manipulated Location headers) an...

10CVSS7.8AI score0.61057EPSS
CVE
CVE
added 2010/05/07 5:43 p.m.73 views

CVE-2010-1852

CVE-2010-1852 concerns Microsoft Internet Explorer when the Invisible Hand extension runs. The cited data describe that cookies are used during background HTTP requests in an unexpected manner, which could allow remote web servers to identify users and their product searches via HTTP request logg...

4.3CVSS6.8AI score0.04241EPSS
CVE
CVE
added 2008/07/07 5:0 p.m.70 views

CVE-2008-3023

Summary: CVE-2008-3023 is an XSS vulnerability in FreeStyle Wiki affecting 3.6.2 and earlier, and 3.6.3 dev3 and earlier, where Internet Explorer could execute arbitrary script via unspecified vectors. The condition is that IE-based rendering allows injected HTML/script, with impact described as ...

4.3CVSS5.6AI score0.11811EPSS
CVE
CVE
added 2007/05/16 7:0 p.m.67 views

CVE-2007-2718

CVE-2007-2718 describes a cross-site scripting (XSS) vulnerability in the WebMail component of Stalker CommuniGate Pro 5.1.8 and earlier when accessed via Microsoft Internet Explorer . The issue allows a remote attacker to inject arbitrary web script or HTML through crafted STYLE tags . The vulne...

4.3CVSS5.7AI score0.16363EPSS
CVE
CVE
added 2009/01/20 4:0 p.m.65 views

CVE-2008-5912

CVE-2008-5912 is an information-disclosure issue affecting Microsoft Internet Explorer. Connected scanners describe an IE information-disclosure vulnerability where a JavaScript-related function exposes a “temporary footprint” during an active user login, which could ease in-session phishing by p...

2.1CVSS6.7AI score0.07845EPSS
CVE
CVE
added 2007/07/24 5:0 p.m.62 views

CVE-2007-3954

Technical details for CVE-2007-3954 are not publicly available in the provided connected documents. The materials do not specify affected products, versions, impact, exploit status, or remediation. Monitor for updates and rely on official advisories for precise information.

4.3CVSS8AI score0.29355EPSS
CVE
CVE
added 2007/07/21 12:0 a.m.61 views

CVE-2007-3924

CVE-2007-3924 describes an argument-injection vulnerability in Internet Explorer when Netscape is installed and certain URIs are registered. The issue arises from IE not properly delimiting the URL argument when invoking Netscape, allowing remote attackers to perform cross-browser scripting and e...

9.3CVSS8AI score0.13631EPSS
CVE
CVE
added 2008/07/14 11:0 p.m.61 views

CVE-2008-3173

Microsoft Internet Explorer is affected by CVE-2008-3173, where web sites can set cookies for domains with a public suffix containing more than one dot, enabling session fixation and potential HTTP session hijacking. The issue is tied to an insufficient fix for CVE-2004-0866, suggesting a remedia...

6.8CVSS6.4AI score0.11314EPSS
CVE
CVE
added 2007/01/29 4:0 p.m.60 views

CVE-2006-6956

CVE-2006-6956 affects Microsoft Internet Explorer. The vulnerability arises when a web page contains a large number of nested marquee tags, which can cause a remote denial-of-service crash. Connected sources confirm the DoS impact linked to the marquee nesting issue (related to CVE-2006-2723). Th...

4.3CVSS6.4AI score0.10032EPSS
CVE
CVE
added 2010/06/24 5:0 p.m.60 views

CVE-2010-2442

CVE-2010-2442 concerns Microsoft Internet Explorer (noted as IE 8 or similar) where the browser does not properly restrict focus changes, enabling a remote attacker to read keystrokes through cross-domain IFRAME gadgets. The primary affected component is the browser’s handling of focus and cross-...

4.3CVSS6.8AI score0.11605EPSS
CVE
CVE
added 2008/01/25 3:0 p.m.59 views

CVE-2008-0460

CVE-2008-0460 affects MediaWiki up to 1.11.x (and BotQuery extension up to 1.7 and earlier) where an XSS vulnerability in api.php can inject arbitrary script/HTML when viewed in Internet Explorer. The vulnerability impacts multiple legacy MediaWiki versions (1.11 through 1.11.0rc1, 1.10.x, 1.9.x,...

4.3CVSS5.4AI score0.14562EPSS
CVE
CVE
added 2007/07/24 6:0 p.m.56 views

CVE-2007-3958

The CVE-2007-3958 entry concerns Microsoft Windows Explorer (explorer.exe) and a denial of service triggered by processing a crafted GIF file (Art.gif). The connected NVD entry confirms the vulnerability is user-assisted and affects GIF parsing, leading to a denial of service. The description doe...

7.1CVSS6.4AI score0.24603EPSS
CVE
CVE
added 2007/07/21 12:0 a.m.55 views

CVE-2007-3930

The CVE-2007-3930 entry concerns a XSS vulnerability in DokuWiki’s spellchecker backend. Affects DokuWiki spellcheck.php (lib/exe/spellcheck.php) where the spell_utf8test path triggers HTML document identification and script execution by Internet Explorer when validating UTF-8 messages, even if t...

4.3CVSS5.5AI score0.19242EPSS
Web
CVE
CVE
added 2010/02/18 5:19 p.m.55 views

CVE-2010-0652

CVE-2010-0652 affects Microsoft Internet Explorer. The issue: cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, enabling remote servers to obtain sensitive information via a crafted document. This description ...

4.3CVSS6.2AI score0.04949EPSS
CVE
CVE
added 2008/06/24 7:0 p.m.54 views

CVE-2008-2841

The CVE-2008-2841 entry concerns XChat on Windows (versions 2.8.7b and earlier). The root cause is an argument injection vulnerability that occurs when Internet Explorer is used, allowing remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. The connected d...

6.8CVSS7.8AI score0.15379EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.53 views

CVE-2004-2704

HastyMail (PHP-based mail client) does not send the attachment parameter in the Content-Disposition header for attachments in versions ≤1.0.1 (stable) and ≤1.1 (development). This causes attachments to render inline in Internet Explorer when the download link is clicked, facilitating cross-site s...

4.3CVSS5.8AI score0.0473EPSS
CVE
CVE
added 2005/06/02 4:0 a.m.52 views

CVE-2005-1829

Microsoft Internet Explorer 6 SP2 is affected by CVE-2005-1829. The vulnerability allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. The available sources describe the issue at a high level (DoS through crafted e...

5CVSS7AI score0.12718EPSS
CVE
CVE
added 2007/06/06 10:0 a.m.52 views

CVE-2007-3075

CVE-2007-3075: Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme (e.g., encoded backslash). The connected documents confirm the vulnerability description but do not spec...

7.8CVSS6.8AI score0.16447EPSS
CVE
CVE
added 2011/01/07 10:0 p.m.52 views

CVE-2011-0347

This CVE (CVE-2011-0347) corresponds to a high-severity vulnerability in Microsoft Internet Explorer on Windows XP, involving an incorrect GUI display triggered via DOM-related vectors (cross_fuzz). The OpenVAS entries group this under a Windows Shell/IE flaw (MS11-006) with a CVSS v2 base score ...

9.3CVSS7.1AI score0.22292EPSS