Lucene search

Microsoft Internet Explorer

54 matches found

added 2008/12/11 3:30 p.m. | 260 views

CVE-2008-4844

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a...

CVSS 9.3 | AI score 7.5 | EPSS 0.82846

added 2008/09/11 1:1 a.m. | 114 views

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 20...

CVSS 9.3 | AI score 8 | EPSS 0.76417

added 2008/09/11 1:11 a.m. | 94 views

CVE-2008-3013

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

CVSS 9.3 | AI score 7.7 | EPSS 0.74609

added 2008/09/11 1:11 a.m. | 86 views

CVE-2008-3014

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital ...

CVSS 9.3 | AI score 7.8 | EPSS 0.71547

added 2008/03/28 11:44 p.m. | 82 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP req...

CVSS 7.1 | AI score 6.1 | EPSS 0.50192

added 2008/08/13 12:42 p.m. | 80 views

CVE-2008-2258

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... perfor...

CVSS 9.3 | AI score 7.3 | EPSS 0.6787

added 2008/01/25 1:0 a.m. | 75 views

CVE-2008-0454

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (...

CVSS 9.3 | AI score 6.2 | EPSS 0.41318

added 2008/09/11 1:11 a.m. | 66 views

CVE-2008-3012

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

CVSS 9.3 | AI score 7.7 | EPSS 0.70686

added 2008/11/12 11:30 p.m. | 62 views

CVE-2008-4029

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vuln...

CVSS 4.3 | AI score 5.5 | EPSS 0.67521

added 2008/12/12 6:30 p.m. | 58 views

CVE-2008-5556

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the v...

CVSS 4.3 | AI score 6 | EPSS 0.11107

added 2008/07/07 5:41 p.m. | 57 views

CVE-2008-3023

Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.

CVSS 4.3 | AI score 5.6 | EPSS 0.2363

added 2008/04/08 11:5 p.m. | 55 views

CVE-2008-1085

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

CVSS 9.3 | AI score 7.2 | EPSS 0.4438

added 2008/12/12 6:30 p.m. | 55 views

CVE-2008-5554

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Se...

CVSS 4.3 | AI score 6 | EPSS 0.1369

added 2008/06/30 10:41 p.m. | 53 views

CVE-2008-2947

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of...

CVSS 6.8 | AI score 8.4 | EPSS 0.43936

added 2008/12/12 6:30 p.m. | 53 views

CVE-2008-5555

Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF s...

CVSS 4.3 | AI score 6.3 | EPSS 0.15465

added 2008/10/15 12:12 a.m. | 52 views

CVE-2008-3477

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-bas...

CVSS 9.3 | AI score 7.4 | EPSS 0.65695

added 2008/03/28 11:44 p.m. | 51 views

CVE-2008-1545

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encod...

CVSS 4.3 | AI score 6.5 | EPSS 0.24205

added 2008/12/12 6:30 p.m. | 51 views

CVE-2008-5553

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has report...

CVSS 4.3 | AI score 5.9 | EPSS 0.1369

added 2008/12/10 2:0 p.m. | 50 views

CVE-2008-4261

Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags th...

CVSS 9.3 | AI score 7.5 | EPSS 0.56169

added 2008/02/12 11:0 p.m. | 49 views

CVE-2008-0077

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerabi...

CVSS 9.3 | AI score 8.9 | EPSS 0.65009

added 2008/12/10 2:0 p.m. | 49 views

CVE-2008-4258

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."

CVSS 8.5 | AI score 7.2 | EPSS 0.54688

added 2008/06/30 10:41 p.m. | 48 views

CVE-2008-2949

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-l...

CVSS 6.8 | AI score 6.5 | EPSS 0.42038

added 2008/08/13 12:42 p.m. | 47 views

CVE-2008-2255

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

CVSS 9.3 | AI score 7.4 | EPSS 0.57631

added 2008/08/13 12:42 p.m. | 47 views

CVE-2008-2259

Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

CVSS 9.3 | AI score 7.3 | EPSS 0.54114

added 2008/07/14 11:41 p.m. | 47 views

CVE-2008-3173

Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because ...

CVSS 6.8 | AI score 6.4 | EPSS 0.14378

added 2008/12/12 6:30 p.m. | 47 views

CVE-2008-5552

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reporte...

CVSS 4.3 | AI score 5.9 | EPSS 0.08062

added 2008/08/13 12:42 p.m. | 46 views

CVE-2008-2256

Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."

CVSS 9.3 | AI score 7.7 | EPSS 0.55715

added 2008/01/25 4:0 p.m. | 45 views

CVE-2008-0460

Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML ...

CVSS 4.3 | AI score 5.4 | EPSS 0.1566

added 2008/04/08 11:5 p.m. | 45 views

CVE-2008-1086

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

CVSS 9.3 | AI score 7.4 | EPSS 0.55129

added 2008/10/15 12:12 a.m. | 45 views

CVE-2008-3474

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosu...

CVSS 6.5 | AI score 8.1 | EPSS 0.37362

added 2008/10/15 12:12 a.m. | 45 views

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corru...

CVSS 9.3 | AI score 8.8 | EPSS 0.5767

added 2008/12/10 2:0 p.m. | 45 views

CVE-2008-4260

Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

CVSS 8.5 | AI score 7.2 | EPSS 0.52943

added 2008/12/29 3:24 p.m. | 45 views

CVE-2008-5750

Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.

CVSS 6.8 | AI score 7.7 | EPSS 0.19617

added 2008/02/12 11:0 p.m. | 44 views

CVE-2008-0076

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

CVSS 9.3 | AI score 8.8 | EPSS 0.4845

added 2008/02/12 11:0 p.m. | 44 views

CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

CVSS 9.3 | AI score 8.7 | EPSS 0.51546

added 2008/12/10 2:0 p.m. | 44 views

CVE-2008-4259

Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruptio...

CVSS 9.3 | AI score 7.2 | EPSS 0.55104

added 2008/06/24 7:41 p.m. | 43 views

CVE-2008-2841

Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

CVSS 6.8 | AI score 7.8 | EPSS 0.19922

added 2008/06/30 10:41 p.m. | 43 views

CVE-2008-2948

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-l...

CVSS 6.8 | AI score 6.3 | EPSS 0.43936

added 2008/10/15 12:12 a.m. | 43 views

CVE-2008-3473

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event...

CVSS 9.3 | AI score 8.8 | EPSS 0.41942

added 2008/10/29 3:31 p.m. | 43 views

CVE-2008-4788

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to sp...

CVSS 5 | AI score 6.5 | EPSS 0.16475

added 2008/08/13 12:42 p.m. | 41 views

CVE-2008-2254

Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."

CVSS 9.3 | AI score 7.4 | EPSS 0.55715

added 2008/08/13 12:42 p.m. | 41 views

CVE-2008-2257

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption ...

CVSS 9.3 | AI score 7.3 | EPSS 0.6787

added 2008/05/18 2:20 p.m. | 40 views

CVE-2008-2281

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated...

CVSS 9.3 | AI score 6.1 | EPSS 0.55918

added 2008/10/15 12:12 a.m. | 40 views

CVE-2008-3472

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML ...

CVSS 9.3 | AI score 8.8 | EPSS 0.42159

added 2008/05/12 10:20 p.m. | 39 views

CVE-2008-2159

Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.

CVSS 2.1 | AI score 6 | EPSS 0.00835

added 2008/01/04 1:46 a.m. | 38 views

CVE-2008-0090

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

CVSS 5 | AI score 6.6 | EPSS 0.12537

added 2008/10/15 12:12 a.m. | 38 views

CVE-2008-3476

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."

CVSS 9.3 | AI score 8.7 | EPSS 0.61776

added 2008/10/29 3:31 p.m. | 38 views

CVE-2008-4787

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.

CVSS 5.8 | AI score 6.3 | EPSS 0.67172

added 2008/10/02 6:18 p.m. | 37 views

CVE-2008-4381

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

CVSS 5 | AI score 6.6 | EPSS 0.30084

added 2008/06/12 2:32 a.m. | 36 views

CVE-2008-1442

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

CVSS 9.3 | AI score 7.5 | EPSS 0.65328

Total number of security vulnerabilities: 54