Total
206 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2022-08-17 | 2.6 LOW | N/A |
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||
CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2022-08-17 | 2.6 LOW | N/A |
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||||
CVE-2012-1545 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.8 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. | |||||
CVE-2011-2383 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. | |||||
CVE-2009-2433 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument. | |||||
CVE-2002-2435 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | |||||
CVE-2010-5071 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | |||||
CVE-2011-2382 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. | |||||
CVE-2007-3903 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.8 MEDIUM | N/A |
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2007-0612 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.8 HIGH | N/A |
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. | |||||
CVE-2007-5344 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.8 MEDIUM | N/A |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2009-2069 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.8 MEDIUM | N/A |
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
CVE-2007-3902 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2007-3550 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.8 HIGH | N/A |
** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated. | |||||
CVE-2006-7065 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | |||||
CVE-2009-2057 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.8 MEDIUM | N/A |
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
CVE-2007-4848 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. | |||||
CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | |||||
CVE-2007-5347 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.8 MEDIUM | N/A |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | |||||
CVE-2006-2766 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. |