Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1737 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1043 1 Microsoft 2 Internet Explorer, Windows 7 2021-07-23 10.0 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
CVE-2008-3173 1 Microsoft 1 Internet Explorer 2021-07-23 6.8 MEDIUM N/A
Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866.
CVE-2008-4127 1 Microsoft 2 Internet Explorer, Windows Xp 2021-07-23 4.3 MEDIUM N/A
Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
CVE-2010-3331 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3328 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3327 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
CVE-2010-3329 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3243 1 Microsoft 8 Internet Explorer, Sharepoint Server, Sharepoint Services and 5 more 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2021-07-23 6.8 MEDIUM N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVE-2008-0454 2 Microsoft, Skype Technologies 3 Internet Explorer, Windows, Skype 2021-07-23 9.3 HIGH N/A
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
CVE-2009-4804 3 Mario Matzulla, Microsoft, Typo3 3 Calendar Base, Internet Explorer, Typo3 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
CVE-2010-3330 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
CVE-2008-0460 2 Mediawiki, Microsoft 3 Mediawiki, Mediawiki Botquery Ext, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0027 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more 2021-07-23 9.3 HIGH N/A
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
CVE-2012-1858 1 Microsoft 9 Internet Explorer, Lync, Office Communicator and 6 more 2021-07-23 4.3 MEDIUM N/A
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
CVE-2009-1335 1 Microsoft 3 Internet Explorer, Windows Vista, Windows Xp 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
CVE-2010-3324 1 Microsoft 6 Groove Server, Internet Explorer, Sharepoint Foundation and 3 more 2021-07-23 4.3 MEDIUM N/A
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
CVE-2010-3325 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
CVE-2010-2429 2 Microsoft, Splunk 2 Internet Explorer, Splunk 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
CVE-2010-2442 1 Microsoft 1 Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."