Vulnerabilities > Microsoft > Internet Explorer

DATE CVE VULNERABILITY TITLE RISK
2007-06-26 CVE-2007-3406 Unspecified vulnerability in Microsoft Internet Explorer 6
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
network
microsoft
4.3
2007-06-22 CVE-2006-7206 Unspecified vulnerability in Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
network
low complexity
microsoft
7.8
2007-06-21 CVE-2007-3341 Unspecified vulnerability in Microsoft Internet Explorer 5/6.0/7.0
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
network
low complexity
microsoft
critical
10.0
2007-06-12 CVE-2007-3027 Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
network
microsoft
critical
9.3
2007-06-12 CVE-2007-2222 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 5.01/6/7.0
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
network
microsoft CWE-119
critical
9.3
2007-06-12 CVE-2007-1751 Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 5.01/6/7.0
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
network
microsoft CWE-908
critical
9.3
2007-06-12 CVE-2007-1750 Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
network
microsoft
critical
9.3
2007-06-12 CVE-2007-0218 Code Injection vulnerability in Microsoft Internet Explorer 5.01/6/7.0
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
network
microsoft CWE-94
critical
9.3
2007-06-11 CVE-2007-3164 Unspecified vulnerability in Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
network
microsoft
5.8
2007-06-07 CVE-2007-3111 Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
network
low complexity
microsoft provideo
critical
10.0