Lucene search
+L
MicrosoftInternet Explorer7

385 matches found

CVE
CVE
added 2013/03/11 10:0 a.m.1198 views

CVE-2013-2551

CVE-2013-2551 is a use-after-free vulnerability in Microsoft Internet Explorer (IE 6–10) that allows remote code execution when a crafted web page triggers access to a deleted object. The issue is documented as an internet-explorer use-after-free vulnerability exploited via drive-by pages (notabl...

9.3CVSS8.1AI score0.74096EPSS
In wild
CVE
CVE
added 2012/09/18 10:0 a.m.1125 views

CVE-2012-4969

The CVE-2012-4969 issue is a use-after-free in the CMshtmlEd::Exec function of mshtml.dll used by Microsoft Internet Explorer (IE6–IE9 according to the CVE payload). Exploitation enabled remote code execution via a crafted website; the vulnerability was observed in the wild around September 2012....

9.3CVSS7.5AI score0.81716EPSS
In wild
CVE
CVE
added 2013/10/09 2:44 p.m.1073 views

CVE-2013-3897

CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class of mshtml.dll used by Microsoft Internet Explorer (IE6–IE11). The flaw is triggered via crafted JavaScript using the onpropertychange event, leading to remote code execution or memory corruption. Public discussions and r...

9.3CVSS7.5AI score0.77462EPSS
In wild
CVE
CVE
added 2014/04/27 10:0 a.m.1042 views

CVE-2014-1776

CVE-2014-1776 is a memory‑safety flaw in Microsoft Internet Explorer (versions 6–11) described as a use‑after‑free in CMarkup::IsConnectedToPrimaryMarkup. Exploitation leads to remote code execution or memory corruption, with evidence of in‑the‑wild activity in April 2014. The vulnerability affec...

10CVSS9.4AI score0.88013EPSS
In wild
CVE
CVE
added 2014/02/26 11:0 a.m.978 views

CVE-2013-7331

CVE-2013-7331 is an information-disclosure vulnerability in the Microsoft XMLDOM ActiveX control used by Internet Explorer on Windows (XMLDOM object). The flaw allows an attacker to determine the existence of local pathnames, UNC shares, intranet hostnames, and intranet IP addresses by inspecting...

6.5CVSS6.3AI score0.58023EPSS
In wildWeb
CVE
CVE
added 2015/08/19 10:0 a.m.903 views

CVE-2015-2502

CVE-2015-2502 affects Internet Explorer 7–11 and is a memory-corruption vulnerability triggered by visiting a crafted web site. The issue allows remote code execution (or DoS) and was exploited in the wild around August 2015. Public documentation identifies the affected software as Internet Explo...

9.3CVSS7.6AI score0.51127EPSS
In wild
CVE
CVE
added 2014/10/15 10:0 a.m.900 views

CVE-2014-4123

CVE-2014-4123 affects Microsoft Internet Explorer 7–11. The vulnerability allows remote attackers to gain privileges via a crafted web site (elevation of privilege). Exploitation in the wild was noted in October 2014 (per the CVE description). Mitigation: apply the MS14-056 cumulative update for ...

8.8CVSS6.7AI score0.40289EPSS
In wild
CVE
CVE
added 2014/08/12 9:0 p.m.880 views

CVE-2014-2817

CVE-2014-2817 summary (normal mode) : Affects Microsoft Internet Explorer 6–11, where a crafted web site can escalate privileges to the attacker. Root cause is an elevation of privilege vulnerability in IE; exploitation vector is remote and via a crafted page. Public exploits exist for this vulne...

8.8CVSS7.5AI score0.26349EPSS
In wild
CVE
CVE
added 2013/09/18 10:0 a.m.381 views

CVE-2013-3893

CVE-2013-3893 is a use-after-free in mshtml.dll (Internet Explorer) specifically in SetMouseCapture, exploited via crafted JavaScript (notably through ms-help URLs) to achieve remote code execution across IE 6–11. Connected KEV/CISA entries confirm active exploitation in the wild and classify it ...

9.3CVSS7.5AI score0.8593EPSS
In wildWeb
CVE
CVE
added 2012/12/30 6:0 p.m.353 views

CVE-2012-4792

CVE-2012-4792 is a use-after-free vulnerability in Microsoft Internet Explorer 6–8 that allows remote code execution when a crafted website triggers access to an object (not properly allocated or deleted), exemplified by a CDwnBindInfo object. The issue has been exploited in the wild (Dec 2012). ...

9.3CVSS7.5AI score0.78823EPSS
In wild
CVE
CVE
added 2014/09/10 1:0 a.m.337 views

CVE-2014-4108

Microsoft Internet Explorer 6–11 is the context for CVE-2014-4108 and related advisories. Connected documents describe multiple use-after-free vulnerabilities in IE components (e.g., CAttrArray, CFieldSetLayout, CTableCell, CDataBindTask, CMarkup, CGeneratedTreeNode, etc.) that enable remote code...

9.3CVSS7.6AI score0.15145EPSS
CVE
CVE
added 2013/05/15 1:0 a.m.297 views

CVE-2013-1308

Technical details for CVE-2013-1308 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vulnerability catalogs.

9.3CVSS8.1AI score0.209EPSS
In wild
CVE
CVE
added 2008/12/11 3:0 p.m.292 views

CVE-2008-4844

CVE-2008-4844 is a use-after-free vulnerability in the MSHTML component (CRecordInstance::TransferToDestination) of mshtml.dll that affects Internet Explorer 5.01/6/6 SP1/7. Exploitation enables remote code execution via crafted HTML/XML containing DSO bindings (XML Island, XML DSOs, or Tabular D...

9.3CVSS7.5AI score0.66513EPSS
CVE
CVE
added 2013/05/15 1:0 a.m.283 views

CVE-2013-1309

CVE-2013-1309 corresponds to the Internet Explorer Use-After-Free vulnerability (MS13-037) affecting IE 6–10. The issue arises from use-after-free in memory handling (notably related to CDispNode/vgx.dll) when processing certain web content, enabling remote code execution via a crafted site. Publ...

9.3CVSS8.1AI score0.39109EPSS
In wild
CVE
CVE
added 2012/06/12 10:0 p.m.230 views

CVE-2012-1876

CVE-2012-1876 affects Microsoft Internet Explorer 6–9 and IE10 (Consumer Preview); memory handling flaw when accessing a nonexistent object triggers a heap-based overflow, enabling remote code execution. Exploitation demonstrated (MS12-037), with multiple public exploits and bypass techniques (AS...

9.3CVSS8.1AI score0.64962EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.189 views

CVE-2010-0806

CVE-2010-0806 is a use-after-free in Internet Explorer’s iepeers.dll (affecting IE 6/6 SP1/7). The vulnerability arises from access to an invalid pointer after object deletion, enabling remote code execution. It was exploited in the wild around March 2010. Public fixes include Microsoft Security ...

9.3CVSS7.3AI score0.82172EPSS
In wild
CVE
CVE
added 2015/12/09 11:0 a.m.169 views

CVE-2015-6161

CVE-2015-6161 affects Microsoft Internet Explorer (IE) 7–11 and Microsoft Edge, with the root cause described as a bypass of Address Space Layout Randomization (ASLR) via a crafted web site. Public sources in the connected documents confirm this is mitigated by Microsoft security updates MS15-124...

4.3CVSS6.4AI score0.19747EPSS
CVE
CVE
added 2012/09/21 9:0 p.m.161 views

CVE-2012-2557

Summary of CVE-2012-2557 (CVE-2012-2557): A use-after-free vulnerability in Microsoft Internet Explorer 6–8 can permit remote code execution when a crafted page triggers access to a freed object, commonly associated with cloneNode handling (outerText/ CMarkup context). The issue is described as a...

9.3CVSS7.4AI score0.19496EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.158 views

CVE-2010-0244

CVE-2010-0244 : IE6/6 SP1/7/8 memory corruption via uninitialized/deleted objects leading to remote code execution. According to MS MS09-054, the fix is a cumulative IE security update; install the most current IE update(s) to mitigate. The connected KB entry describes the update path and mention...

9.3CVSS8.7AI score0.20759EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.158 views

CVE-2012-1526

Summary of CVE-2012-1526 : Microsoft Internet Explorer 6 and 7 are affected by a memory handling vulnerability that can allow remote code execution when an attacker accesses an uninitialized or deleted object in memory. The issue, known as Layout Memory Corruption, is exploited via memory object ...

9.3CVSS7.7AI score0.20022EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.155 views

CVE-2012-1879

CVE-2012-1879 affects Microsoft Internet Explorer 6–9. The issue arises from improper handling of objects in memory, allowing remote code execution when an attacker accesses an undefined memory location via insertAdjacentText. Public sources describe this as a remote code execution vulnerability ...

9.3CVSS8.1AI score0.19579EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.154 views

CVE-2010-0248

CVE-2010-0248 affects Microsoft Internet Explorer 6, 6 SP1, 7, and 8, where improper handling of certain memory objects enables remote code execution via an uninitialized or deleted object, leading to memory corruption. The connected data confirms in-the-wild references and public advisories poin...

9.3CVSS8.8AI score0.53085EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.154 views

CVE-2013-0015

Microsoft Internet Explorer 6–9 suffer from a vulnerability in automatic Shift JIS encoding selection, enabling remote attackers to read content from a different domain/zone via a crafted site that triggers cross-domain scrolling events (Shift JIS Character Encoding Vulnerability). This issue cau...

4.3CVSS6.2AI score0.15853EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.153 views

CVE-2013-0019

CVE-2013-0019 is a Use-After-Free vulnerability in Microsoft Internet Explorer 7–10 (Internet Explorer ComWindowProxy UAF) that enables remote code execution when a crafted page accesses a deleted object. The vuln affects IE7–IE10 across Windows client/server lines referenced in the sources, with...

9.3CVSS7.4AI score0.34923EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.152 views

CVE-2012-1880

CVE-2012-1880 corresponds to remote code execution in Microsoft Internet Explorer 6–9 due to improper handling of objects in memory when accessing a deleted object (insertRow). Documents confirm the root cause as memory corruption enabling code execution, with high severity (base score 9.3). Affe...

9.3CVSS8AI score0.24052EPSS
CVE
CVE
added 2010/02/04 7:0 p.m.151 views

CVE-2010-0255

Vulnerability CVE-2010-0255 affects Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8, where IE can render non-HTML local files as HTML documents via dynamic OBJECT tag usage, enabling reading of local files (e.g., index.dat) and bypassing access restrictions. Root cause: IE fails to neutr...

4.3CVSS6.2AI score0.3703EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.151 views

CVE-2012-0011

CVE-2012-0011 relates to Microsoft Internet Explorer 7–9 via MSHTML: a use-after-free in handling of HTML time (t:MEDIA) elements leads to a freed CDispNode reference, enabling remote code execution. ZDI notes IE9 involvement; MS12-010 (2647516) is the official patch. Exploitation context require...

9.3CVSS8AI score0.27418EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.150 views

CVE-2012-1523

CVE-2012-1523 affects Microsoft Internet Explorer 6–8. Root cause: an error in memory handling when accessing a deleted object, leading to remote code execution. Impact: attacker could execute arbitrary code in the user’s security context (no user interaction needed; network vector). Remediation:...

9.3CVSS8AI score0.22475EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.149 views

CVE-2013-0088

CVE-2013-0088 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 that could allow remote code execution when a user visits a crafted page triggering access to a freed object. Connected sources confirm the vulnerable software range (IE6–IE10) and describe a memory-access flaw th...

9.3CVSS7.4AI score0.19804EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.146 views

CVE-2012-2521

The CVE-2012-2521 issue affects Microsoft Internet Explorer versions 6 through 9, caused by improper handling of in-memory objects which allows an attacker to trigger an out-of-bounds situation by accessing a deleted object, enabling remote code execution. The vulnerability is tied to the Asynchr...

9.3CVSS8.1AI score0.20872EPSS
CVE
CVE
added 2013/05/15 1:0 a.m.146 views

CVE-2013-1297

Summary of CVE-2013-1297 details (from connected docs): Microsoft Internet Explorer versions 6–8 contain a data-access restriction flaw in VBScript that allows remote attackers to perform cross-domain reading of JSON files from a crafted site, described as the JSON Array Information Disclosure Vu...

4.3CVSS6.3AI score0.16777EPSS
CVE
CVE
added 2013/05/15 1:0 a.m.146 views

CVE-2013-1310

CVE-2013-1310 describes a use-after-free vulnerability in Internet Explorer 6 and 7 where remote code execution could be triggered by visiting a crafted webpage that accesses a deleted object. The root cause is a memory-management flaw that can lead to arbitrary code execution in the context of t...

9.3CVSS7.5AI score0.20643EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.145 views

CVE-2010-3328

CVE-2010-3328 is an Uninitialized Memory Corruption vulnerability in Internet Explorer (mshtml.dll) affecting IE6–IE8. The root cause is memory corruption when IE accesses an object that has not been initialized or has been deleted, enabling remote code execution with the caller’s privileges if a...

9.3CVSS8.7AI score0.31932EPSS
CVE
CVE
added 2013/11/13 12:0 a.m.145 views

CVE-2013-3908

Technical details about CVE-2013-3908 are not publicly disclosed in the provided documents. Monitor for updates from connected sources for affected products, root cause, impact, and available fixes.

4.3CVSS5.9AI score0.363EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.144 views

CVE-2012-0010

CVE-2012-0010 affects Microsoft Internet Explorer 6–9, where copy-and-paste operations could disclose information from another domain or security zone via a crafted webpage (information disclosure). Multiple connected sources confirm a related MS12-010 update (2647516) addressing IE vulnerabiliti...

4.3CVSS6.2AI score0.14099EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.144 views

CVE-2013-0021

CVE-2013-0021 is a use-after-free vulnerability in Microsoft Internet Explorer (IE) versions 6 through 10. The flaw arises when IE accesses an in‑memory object after it has been freed, enabling a remote attacker to execute arbitrary code on the affected system when a user visits a crafted webpage...

9.3CVSS7.4AI score0.21185EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.143 views

CVE-2013-0089

CVE-2013-0089 is a use-after-free vulnerability in Microsoft IE versions 6–10 (CMarkupBehaviorContext) that could allow remote code execution when a user visits a crafted page. Root cause: accessing a deleted object in memory. Impact: remote code execution with the user’s rights (no user interact...

9.3CVSS7.4AI score0.18477EPSS
CVE
CVE
added 2012/04/10 9:0 p.m.142 views

CVE-2012-0170

Microsoft Internet Explorer (notably IE6/IE7) contains a memory handling vulnerability related to OnReadyStateChange where accessing a deleted object can lead to remote code execution. The CVE-2012-0170 entry is associated with multiple advisories; Microsoft issued MS12-023 (Cumulative Security U...

9.3CVSS8.1AI score0.22368EPSS
CVE
CVE
added 2014/02/12 2:0 a.m.142 views

CVE-2014-0285

CVE-2014-0285 : Microsoft Internet Explorer 6–11 is affected by a memory corruption vulnerability that allows remote code execution or a denial of service when a user visits a crafted web site. The issue is described as part of a family of IE memory corruption vulnerabilities (distinct from CVE-2...

9.3CVSS7.6AI score0.24709EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.141 views

CVE-2013-0087

CVE-2013-0087 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 caused by a fault in the MSHTML code path (CElement::EnsureRecalcNotify) when handling onResize/onMove events. A crafted web page can trigger access to a freed object, enabling remote code execution. The vulnerabi...

9.3CVSS7.4AI score0.18477EPSS
CVE
CVE
added 2009/02/10 10:13 p.m.140 views

CVE-2009-0075

The CVE-2009-0075 issue affects Microsoft Internet Explorer (IE7/IE8) on Windows platforms as described in the connected advisories and MS09-002 update. The root cause is an uninitialized memory corruption when IE accesses an object that has been deleted, leading to remote code execution via a cr...

9.3CVSS7.2AI score0.85277EPSS
CVE
CVE
added 2012/04/10 9:0 p.m.140 views

CVE-2012-0172

CVE-2012-0172 affects Microsoft Internet Explorer 6–8. The issue is a use-after-free in the vgx.dll path while processing certain VML behaviors, enabling remote code execution when a user visits a malicious page. Affected products include IE6/7/8 on multiple Windows versions; the root cause is me...

9.3CVSS8AI score0.21897EPSS
CVE
CVE
added 2012/04/10 9:0 p.m.139 views

CVE-2012-0171

CVE-2012-0171 affects Microsoft Internet Explorer 6–9. The vulnerability arises from how IE handles in-memory objects; accessing a deleted object can lead to memory corruption and remote code execution. Connected sources confirm this is the well-known “SelectAll Remote Code Execution Vulnerabilit...

9.3CVSS8.1AI score0.27059EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.139 views

CVE-2012-1877

CVE-2012-1877 is a remote code execution vulnerability in Microsoft Internet Explorer 6–9 caused by improper handling of objects in memory, allowing an attacker to run arbitrary code by accessing a deleted object. Multiple connected sources (including the NVD entry for CVE-2012-1877 and OpenVAS/N...

9.3CVSS8.1AI score0.24052EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.139 views

CVE-2012-2522

CVE-2012-2522 affects Microsoft Internet Explorer 6–9. The vulnerability arises from improper handling of memory objects, enabling a remote attacker to execute arbitrary code by accessing a corrupted virtual function table after it has been deleted (Virtual Function Table Corruption Remote Code E...

9.3CVSS8.1AI score0.24506EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.139 views

CVE-2013-5048

CVE-2013-5048 concerns Microsoft Internet Explorer (IE) versions 6–11. The vulnerability is described as a memory corruption flaw triggered by visiting a crafted web site, enabling remote code execution or a denial of service. The connected records corroborate the same issue across multiple sourc...

9.3CVSS7.6AI score0.12635EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.138 views

CVE-2012-1873

Microsoft Internet Explorer 7–9 are affected by CVE-2012-1873 (Null Byte Information Disclosure). The issue stems from improper creation and initialization of string data, enabling remote attackers to extract sensitive information from the browser process memory via a crafted HTML document. The v...

4.3CVSS5.6AI score0.18259EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.138 views

CVE-2013-3205

CVE-2013-3205 is a vulnerability in Microsoft Internet Explorer 6–8 that allows remote code execution or memory corruption when processing a crafted web page. The connected sources describe a use-after-free flaw in IE’s caret handling (CCaret) within mshtml, where freeing CCaret via document.writ...

9.3CVSS7.6AI score0.66277EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.138 views

CVE-2013-5047

CVE-2013-5047 affects Microsoft Internet Explorer (IE) versions 6–11. The description and connected records consistently describe memory corruption vulnerabilities in IE that could allow remote code execution or a denial of service via a crafted web site. The CVE entry is linked to MS13-097 (Cumu...

9.3CVSS7.6AI score0.1253EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.137 views

CVE-2013-0092

CVE-2013-0092 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 that enables remote code execution when a user visits a crafted page exploiting an access to a deleted object (GetMarkupPtr use-after-free). The issue is documented across multiple sources (IE GetMarkupPtr Use Aft...

9.3CVSS7.4AI score0.28194EPSS
Total number of security vulnerabilities385