Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Ie
Total 203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0076 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2006-6659 1 Microsoft 3 Ie, Outlook, Windows Xp 2024-02-04 5.0 MEDIUM N/A
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
CVE-2006-4777 1 Microsoft 1 Ie 2024-02-04 7.6 HIGH N/A
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
CVE-2007-0944 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2024-02-04 9.3 HIGH N/A
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
CVE-2007-1091 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 6.8 MEDIUM N/A
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
CVE-2007-0942 1 Microsoft 6 Ie, Internet Explorer, Windows 2000 and 3 more 2024-02-04 9.3 HIGH N/A
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
CVE-2007-3903 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 6.8 MEDIUM N/A
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
CVE-2006-5884 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
CVE-2007-3902 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 9.3 HIGH N/A
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
CVE-2008-0078 1 Microsoft 3 Activex, Ie, Internet Explorer 2024-02-04 9.3 HIGH N/A
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
CVE-2006-4697 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2024-02-04 9.3 HIGH N/A
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
CVE-2005-0500 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 5.0 MEDIUM N/A
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
CVE-2006-1359 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 9.3 HIGH N/A
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
CVE-2006-1388 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
CVE-2005-2831 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
CVE-2005-4269 1 Microsoft 3 Ie, Windows 2003 Server, Windows Xp 2024-02-04 7.8 HIGH N/A
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
CVE-2006-1185 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
CVE-2005-2829 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 5.1 MEDIUM N/A
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
CVE-2005-0055 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
CVE-2005-2830 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."