Vulnerabilities > Microsoft > Internet Explorer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-08 | CVE-2007-4227 | Unspecified vulnerability in Microsoft Internet Explorer 6.0/7 Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. network microsoft | 4.3 |
| 2007-07-27 | CVE-2007-4042 | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 7.5 |
| 2007-07-27 | CVE-2007-4041 | OS Command Injection vulnerability in multiple products Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
| 2007-07-24 | CVE-2007-3958 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. network microsoft | 7.1 |
| 2007-07-24 | CVE-2007-3954 | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | 4.3 |
| 2007-07-21 | CVE-2007-3930 | Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. | 4.3 |
| 2007-07-17 | CVE-2007-3826 | Unspecified vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | 9.3 |
| 2007-07-10 | CVE-2007-3670 | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. | 4.3 |
| 2007-06-29 | CVE-2007-3497 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. | 5.0 |
| 2007-06-29 | CVE-2007-3493 | A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. | 7.5 |