Vulnerabilities > Microsoft > IE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-09 | CVE-2006-3643 | Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." | 6.0 |
| 2006-08-09 | CVE-2006-3640 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | 5.0 |
| 2006-08-08 | CVE-2006-3637 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 5.1 |
| 2006-07-31 | CVE-2006-3944 | Object ListWidth Property Denial Of Service vulnerability in Microsoft IE 6 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | 5.0 |
| 2006-07-28 | CVE-2006-3910 | Denial Of Service vulnerability in Microsoft IE 6.0 Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. | 5.0 |
| 2006-07-18 | CVE-2006-3659 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. | 5.0 |
| 2006-07-18 | CVE-2006-3658 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. | 5.0 |
| 2006-07-18 | CVE-2006-3657 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property. | 5.0 |
| 2006-07-11 | CVE-2006-3513 | Unspecified vulnerability in Microsoft IE and Internet Explorer danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. | 5.0 |
| 2006-07-10 | CVE-2006-3472 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. | 5.0 |