Vulnerabilities > Microsoft > Internet Explorer > 6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-12 | CVE-2008-1442 | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7 Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." | 9.3 |
2008-04-23 | CVE-2007-6255 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method. | 9.3 |
2008-04-08 | CVE-2008-1086 | Code Injection vulnerability in Microsoft products The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | 9.3 |
2008-04-08 | CVE-2008-1085 | Code Injection vulnerability in Microsoft IE and Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. | 9.3 |
2008-03-18 | CVE-2008-1368 | Code Injection vulnerability in Microsoft Internet Explorer 5/6 CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. | 4.3 |
2008-02-13 | CVE-2008-0751 | Cross-Site Scripting vulnerability in S9Y Serendipity Event Freetag Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/. | 4.3 |
2008-02-12 | CVE-2008-0078 | Code Injection vulnerability in Microsoft Activex, IE and Internet Explorer Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." | 9.3 |
2008-02-12 | CVE-2008-0077 | Use After Free vulnerability in Microsoft Internet Explorer 6/7 Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." | 8.8 |
2008-02-12 | CVE-2008-0076 | Code Injection vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." | 9.3 |
2007-12-12 | CVE-2007-5347 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." network microsoft | 6.8 |