Vulnerabilities > Microsoft > Internet Explorer

DATE CVE VULNERABILITY TITLE RISK

2009-02-10 CVE-2009-0075 Resource Management Errors vulnerability in Microsoft Internet Explorer 7
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
network | microsoft CWE-399 | critical | 9.3

2009-01-30 CVE-2009-0369 Remote Security vulnerability in Microsoft Internet Explorer 7
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
network | microsoft | 4.3

2009-01-29 CVE-2009-0341 Buffer Errors vulnerability in Microsoft Internet Explorer 7
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
network | microsoft CWE-119 | critical | 9.3

2009-01-28 CVE-2008-3358 Cross-Site Scripting vulnerability in SAP Netweaver
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
network | sap microsoft CWE-79 | 4.3

2009-01-21 CVE-2008-5917 Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
4.3

2009-01-20 CVE-2008-5912 Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information.
network | high complexity | microsoft | 2.1

2008-12-29 CVE-2008-5750 Code Injection vulnerability in Microsoft Internet Explorer 8
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
network | microsoft CWE-94 | 6.8

2008-12-12 CVE-2008-5555 Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
network | microsoft CWE-79 | 4.3

2008-12-12 CVE-2008-5554 Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers.
network | microsoft CWE-79 | 4.3

2008-12-12 CVE-2008-5553 Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence.
network | microsoft CWE-79 | 4.3