Vulnerabilities > Microsoft > Internet Explorer > 7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-15 | CVE-2007-4356 | Unspecified vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | 9.3 |
2007-08-14 | CVE-2007-1749 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | 9.3 |
2007-08-14 | CVE-2007-3041 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | 9.3 |
2007-08-14 | CVE-2007-2216 | Configuration vulnerability in Microsoft Internet Explorer 5.01/6/7 The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." | 9.3 |
2007-08-08 | CVE-2007-4227 | Unspecified vulnerability in Microsoft Internet Explorer 6.0/7 Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. network microsoft | 4.3 |
2007-07-27 | CVE-2007-4042 | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 7.5 |
2007-07-27 | CVE-2007-4041 | OS Command Injection vulnerability in multiple products Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
2007-07-17 | CVE-2007-3826 | Unspecified vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | 9.3 |
2005-12-31 | CVE-2005-4844 | Unspecified vulnerability in Microsoft Internet Explorer The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. network microsoft | 7.1 |