Vulnerabilities > Microsoft > IE

DATE CVE VULNERABILITY TITLE RISK
2012-03-09 CVE-2012-1545 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
network
microsoft CWE-119
5.8
2011-12-07 CVE-2010-5071 Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
network
low complexity
microsoft CWE-264
5.0
2011-12-07 CVE-2002-2435 Information Exposure vulnerability in Microsoft IE and Internet Explorer
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
network
microsoft CWE-200
4.3
2010-06-01 CVE-2010-2118 Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
network
microsoft CWE-399
4.3
2010-05-20 CVE-2010-1991 Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
network
low complexity
microsoft CWE-399
5.0
2009-07-22 CVE-2009-2576 Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
network
low complexity
microsoft CWE-399
5.0
2009-07-10 CVE-2009-2433 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
network
microsoft CWE-119
4.3
2009-06-15 CVE-2009-2069 Improper Authentication vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
network
microsoft CWE-287
5.8
2009-06-15 CVE-2009-2057 Improper Authentication vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
network
microsoft CWE-287
5.8
2009-04-15 CVE-2009-0552 Unspecified vulnerability in Microsoft IE and Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
network
microsoft
critical
9.3