Vulnerabilities > Microsoft > Internet Explorer > 5.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-29 | CVE-2006-2094 | Race Condition vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | 5.1 |
2006-04-11 | CVE-2006-1191 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. | 4.0 |
2006-04-11 | CVE-2006-1190 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. | 10.0 |
2006-04-11 | CVE-2006-1189 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." | 10.0 |
2006-04-11 | CVE-2006-1188 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. | 7.5 |
2006-04-11 | CVE-2006-1186 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. | 10.0 |
2006-02-08 | CVE-2006-0585 | Unspecified vulnerability in Microsoft Internet Explorer jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. | 5.0 |
2006-01-27 | CVE-2006-0057 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. | 7.5 |
2005-12-31 | CVE-2005-4844 | Unspecified vulnerability in Microsoft Internet Explorer The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. network microsoft | 7.1 |
2005-12-31 | CVE-2005-3240 | Race Condition vulnerability in Microsoft IE and Internet Explorer Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | 5.1 |