Vulnerabilities > Microsoft > Internet Explorer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-04 | CVE-2008-0090 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. | 5.0 |
| 2007-12-12 | CVE-2007-5347 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." network microsoft | 6.8 |
| 2007-12-12 | CVE-2007-5344 | Code Injection vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 |
| 2007-12-12 | CVE-2007-3903 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." network microsoft | 6.8 |
| 2007-12-12 | CVE-2007-3902 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | 9.3 |
| 2007-12-05 | CVE-2007-5355 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. network microsoft | 5.8 |
| 2007-10-14 | CVE-2007-5456 | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. | 7.5 |
| 2007-10-11 | CVE-2007-3896 | Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0 The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. | 9.3 |
| 2007-10-09 | CVE-2007-3893 | Resource Management Errors vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. | 6.8 |
| 2007-10-09 | CVE-2007-3892 | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. | 7.5 |