Vulnerabilities > Microsoft > Internet Explorer
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-08 | CVE-2006-3638 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | 7.5 |
2006-08-08 | CVE-2006-3637 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 5.1 |
2006-08-08 | CVE-2006-3450 | Improper Input Validation vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | 7.5 |
2006-07-28 | CVE-2006-3915 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. | 5.0 |
2006-07-27 | CVE-2006-3899 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. | 5.0 |
2006-07-27 | CVE-2006-3898 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. | 5.0 |
2006-07-27 | CVE-2006-3897 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 6.0 Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | 5.0 |
2006-07-21 | CVE-2006-3730 | Code Injection vulnerability in Microsoft IE and Internet Explorer Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | 9.3 |
2006-07-21 | CVE-2006-3729 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference. | 2.6 |
2006-07-18 | CVE-2006-3659 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. | 5.0 |