Vulnerabilities > Microsoft > Internet Explorer > 7.0.5730.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-28 | CVE-2008-1545 | Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0/7.0.5730.11 The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. | 4.3 |
2007-12-12 | CVE-2007-5347 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." network microsoft | 6.8 |
2007-12-12 | CVE-2007-5344 | Code Injection vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 |
2007-12-12 | CVE-2007-3903 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." network microsoft | 6.8 |
2007-12-12 | CVE-2007-3902 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2007-09-12 | CVE-2007-4848 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. network microsoft | 4.3 |
2007-04-26 | CVE-2007-2292 | Improper Input Validation vulnerability in multiple products CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | 4.3 |
2007-04-26 | CVE-2007-2291 | Unspecified vulnerability in Microsoft Internet Explorer 7.0.5730.11 CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. | 7.5 |