Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1737 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0248 2 Apple, Microsoft 5 Quicktime, Internet Explorer, Windows 7 and 2 more 2021-07-23 9.3 HIGH N/A
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.
CVE-2009-1919 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-5071 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 5.0 MEDIUM N/A
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
CVE-2010-4183 2 Htmlpurifier, Microsoft 2 Htmlpurifier, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
CVE-2009-3671 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
CVE-2009-3673 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2011-0035 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
CVE-2011-0346 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
CVE-2008-0454 2 Microsoft, Skype Technologies 3 Internet Explorer, Windows, Skype 2021-07-23 9.3 HIGH N/A
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
CVE-2008-0460 2 Mediawiki, Microsoft 3 Mediawiki, Mediawiki Botquery Ext, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4804 3 Mario Matzulla, Microsoft, Typo3 3 Calendar Base, Internet Explorer, Typo3 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
CVE-2010-3971 1 Microsoft 1 Internet Explorer 2021-07-23 9.3 HIGH N/A
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
CVE-2011-0347 1 Microsoft 2 Internet Explorer, Windows Xp 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
CVE-2012-1874 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
CVE-2011-1345 1 Microsoft 2 Internet Explorer, Windows 7 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
CVE-2010-3331 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2012-1875 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
CVE-2010-1117 1 Microsoft 2 Internet Explorer, Windows 7 2021-07-23 7.6 HIGH N/A
Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-3330 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
CVE-2012-1876 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.