Vulnerabilities > Microsoft > Internet Explorer > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-11 | CVE-2007-3896 | Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0 The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. | 9.3 |
| 2007-10-09 | CVE-2007-3893 | Resource Management Errors vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. | 6.8 |
| 2007-10-09 | CVE-2007-3892 | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. | 7.5 |
| 2007-09-12 | CVE-2007-4848 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. network microsoft | 4.3 |
| 2007-07-10 | CVE-2007-3670 | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. | 4.3 |
| 2007-06-29 | CVE-2007-3497 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. | 5.0 |
| 2007-06-29 | CVE-2007-3493 | A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. | 7.5 |
| 2007-06-21 | CVE-2007-3341 | Unspecified vulnerability in Microsoft Internet Explorer 5/6.0/7.0 Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | 10.0 |
| 2007-06-12 | CVE-2007-3027 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | 9.3 |
| 2007-06-12 | CVE-2007-2222 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | 9.3 |