Lucene search

Microsoft Internet Explorer

68 matches found

Added 2006/07/21 2:3 p.m., 93 views

CVE-2006-3730

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

CVSS 9.3, AI score 7.6, EPSS 0.88442

Added 2006/03/23 12:6 a.m., 73 views

CVE-2006-1359

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

CVSS 9.3, AI score 7.3, EPSS 0.87602

Added 2006/02/21 11:2 p.m., 61 views

CVE-2006-0830

The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetti...

CVSS 7.5, AI score 7.5, EPSS 0.32858

Added 2006/09/19 7:7 p.m., 58 views

CVE-2006-4868

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter ...

CVSS 9.3, AI score 7.7, EPSS 0.65962

Added 2006/04/11 11:2 p.m., 56 views

CVE-2006-1189

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."

CVSS 10, AI score 7.5, EPSS 0.54023

Added 2006/06/13 7:6 p.m., 55 views

CVE-2006-1303

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTr...

CVSS 9.3, AI score 7.7, EPSS 0.58944

Added 2006/04/11 11:2 p.m., 54 views

CVE-2006-1191

Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.

CVSS 4, AI score 6, EPSS 0.50278

Added 2006/07/18 3:37 p.m., 54 views

CVE-2006-3605

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.

CVSS 5, AI score 6.9, EPSS 0.22127

Added 2006/10/05 4:4 a.m., 54 views

CVE-2006-5152

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.

CVSS 6.8, AI score 5.6, EPSS 0.66127

Added 2006/02/19 9:2 p.m., 53 views

CVE-2006-0799

Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look...

CVSS 4, AI score 6.4, EPSS 0.37165

Added 2006/04/11 11:2 p.m., 52 views

CVE-2006-1190

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

CVSS 10, AI score 7.1, EPSS 0.78378

Added 2006/03/24 8:2 p.m., 52 views

CVE-2006-1388

Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

CVSS 7.5, AI score 6.7, EPSS 0.67459

Added 2006/06/26 4:5 p.m., 52 views

CVE-2006-3227

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which...

CVSS 2.6, AI score 6.7, EPSS 0.30898

Added 2006/07/18 3:37 p.m., 52 views

CVE-2006-3591

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.

CVSS 5, AI score 6.9, EPSS 0.1755

Added 2006/04/11 11:2 p.m., 51 views

CVE-2006-1192

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerabi...

CVSS 2.6, AI score 6.2, EPSS 0.53049

Added 2006/04/11 11:2 p.m., 50 views

CVE-2006-1185

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

CVSS 7.5, AI score 7.3, EPSS 0.63986

Added 2006/04/29 10:2 a.m., 50 views

CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers ...

CVSS 5.1, AI score 6.6, EPSS 0.34906

Added 2006/04/05 10:4 a.m., 49 views

CVE-2006-1626

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still...

CVSS 4.3, AI score 6.5, EPSS 0.53049

Added 2006/07/06 1:5 a.m., 49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

CVSS 5, AI score 7, EPSS 0.41065

Added 2006/08/17 1:4 a.m., 49 views

CVE-2006-4193

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (O...

CVSS 7.5, AI score 7.7, EPSS 0.50185

Added 2006/02/15 11:0 a.m., 48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

CVSS 5, AI score 6.8, EPSS 0.10269

Added 2006/04/11 11:2 p.m., 48 views

CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

CVSS 7.5, AI score 7.2, EPSS 0.63986

Added 2006/08/08 11:4 p.m., 48 views

CVE-2006-3638

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM...

CVSS 7.5, AI score 7.2, EPSS 0.64559

Added 2006/07/18 3:47 p.m., 48 views

CVE-2006-3657

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

CVSS 5, AI score 7.2, EPSS 0.30174

Added 2006/04/25 1:2 a.m., 47 views

CVE-2006-1992

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Micro...

CVSS 2.6, AI score 6.9, EPSS 0.4862

Added 2006/06/13 7:6 p.m., 47 views

CVE-2006-2378

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

CVSS 6.8, AI score 7.6, EPSS 0.62392

Added 2006/03/07 12:2 a.m., 46 views

CVE-2006-1016

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

CVSS 7.5, AI score 7.7, EPSS 0.76517

Added 2006/07/10 8:5 p.m., 46 views

CVE-2006-3472

Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 5, AI score 6.7, EPSS 0.28361

Added 2006/07/18 3:47 p.m., 46 views

CVE-2006-3659

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

CVSS 5, AI score 7, EPSS 0.30441

Added 2006/12/12 8:28 p.m., 46 views

CVE-2006-5579

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."

CVSS 9.3, AI score 7.4, EPSS 0.58516

Added 2006/04/11 11:2 p.m., 45 views

CVE-2006-1186

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

CVSS 10, AI score 7.5, EPSS 0.7482

Added 2006/06/02 10:18 a.m., 45 views

CVE-2006-2766

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

CVSS 2.6, AI score 6.7, EPSS 0.63435

Added 2006/06/28 10:5 p.m., 45 views

CVE-2006-3280

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the targe...

CVSS 7.5, AI score 5.9, EPSS 0.63431

Added 2006/07/27 11:4 a.m., 45 views

CVE-2006-3899

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen...

CVSS 5, AI score 6.6, EPSS 0.1755

Added 2006/01/27 10:3 p.m., 44 views

CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims tha...

CVSS 7.5, AI score 6.5, EPSS 0.45819

Added 2006/10/05 4:4 a.m., 44 views

CVE-2006-5162

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

CVSS 5, AI score 6.9, EPSS 0.12413

Added 2006/05/05 12:46 p.m., 43 views

CVE-2006-2218

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

CVSS 9.3, AI score 7.3, EPSS 0.62818

Added 2006/06/13 7:6 p.m., 42 views

CVE-2006-2385

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.

CVSS 7.6, AI score 7.4, EPSS 0.18242

Added 2006/08/09 12:4 a.m., 42 views

CVE-2006-3643

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect C...

CVSS 6, AI score 5.4, EPSS 0.29778

Added 2006/07/27 11:4 a.m., 42 views

CVE-2006-3898

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.

CVSS 5, AI score 6.6, EPSS 0.22127

Added 2006/06/13 7:6 p.m., 41 views

CVE-2006-2383

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way...

CVSS 9.3, AI score 7.7, EPSS 0.68973

Added 2006/06/13 7:6 p.m., 41 views

CVE-2006-2384

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious sit...

CVSS 4.3, AI score 6.5, EPSS 0.24782

Added 2006/08/08 11:4 p.m., 41 views

CVE-2006-3637

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

CVSS 5.1, AI score 7.2, EPSS 0.77254

Added 2006/07/21 2:3 p.m., 41 views

CVE-2006-3729

DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null d...

CVSS 2.6, AI score 7.2, EPSS 0.22294

Added 2006/07/28 12:4 a.m., 41 views

CVE-2006-3915

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.

CVSS 5, AI score 6.9, EPSS 0.21033

Added 2006/08/30 1:0 a.m., 40 views

CVE-2005-4810

Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

CVSS 5, AI score 6.8, EPSS 0.1851

Added 2006/04/26 8:6 p.m., 40 views

CVE-2006-2056

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary f...

CVSS 5, AI score 7, EPSS 0.21024

Added 2006/07/11 10:5 p.m., 40 views

CVE-2006-3512

Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.

CVSS 5, AI score 7, EPSS 0.25485

Added 2006/07/27 11:4 a.m., 40 views

CVE-2006-3897

Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.

CVSS 5, AI score 6.8, EPSS 0.2717

Added 2006/02/14 11:0 a.m., 39 views

CVE-2005-3240

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focu...

CVSS 5.1, AI score 7.3, EPSS 0.1023

Total number of security vulnerabilities: 68