Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1737 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1765 2 Avaya, Microsoft 10 Definity One Media Server, Ip600 Media Servers, S3400 and 7 more 2021-07-23 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
CVE-2006-7206 1 Microsoft 2 Internet Explorer, Windows Xp 2021-07-23 7.8 HIGH N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
CVE-2006-5581 1 Microsoft 1 Internet Explorer 2021-07-23 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
CVE-2006-5579 1 Microsoft 2 Internet Explorer, Windows Server 2003 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
CVE-2010-3326 1 Microsoft 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-1999-0702 1 Microsoft 1 Internet Explorer 2021-07-22 10.0 HIGH N/A
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0468 1 Microsoft 1 Internet Explorer 2021-07-22 2.6 LOW N/A
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
CVE-1999-0891 1 Microsoft 1 Internet Explorer 2021-07-22 5.0 MEDIUM N/A
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-1999-0670 1 Microsoft 1 Internet Explorer 2021-07-22 4.0 MEDIUM N/A
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
CVE-1999-1578 1 Microsoft 1 Internet Explorer 2021-07-22 5.1 MEDIUM N/A
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
CVE-1999-1577 1 Microsoft 1 Internet Explorer 2021-07-22 5.1 MEDIUM N/A
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2021-07-22 4.3 MEDIUM N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0669 1 Microsoft 1 Internet Explorer 2021-07-22 4.0 MEDIUM N/A
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-2001-0807 1 Microsoft 1 Internet Explorer 2021-07-22 2.6 LOW N/A
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
CVE-1999-0668 1 Microsoft 1 Internet Explorer 2021-07-22 5.1 MEDIUM N/A
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-1575 1 Microsoft 1 Internet Explorer 2021-07-22 5.1 MEDIUM N/A
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
CVE-1999-0354 1 Microsoft 2 Internet Explorer, Word 2021-07-22 7.5 HIGH N/A
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
CVE-1999-0858 1 Microsoft 1 Internet Explorer 2021-07-22 5.0 MEDIUM N/A
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
CVE-1999-0490 1 Microsoft 1 Internet Explorer 2021-07-22 7.5 HIGH N/A
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
CVE-1999-1370 1 Microsoft 1 Internet Explorer 2021-07-22 7.2 HIGH N/A
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.