Vulnerabilities > Microsoft > Internet Explorer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-11 | CVE-2006-1186 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. | 10.0 |
| 2006-04-11 | CVE-2006-1185 | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. | 7.5 |
| 2006-04-05 | CVE-2006-1626 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. | 4.3 |
| 2006-03-24 | CVE-2006-1388 | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. | 7.5 |
| 2006-03-23 | CVE-2006-1359 | Code Injection vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | 9.3 |
| 2006-03-07 | CVE-2006-1016 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. | 7.5 |
| 2006-02-21 | CVE-2006-0830 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop. | 7.5 |
| 2006-02-19 | CVE-2006-0799 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | 4.0 |
| 2006-02-08 | CVE-2006-0585 | Unspecified vulnerability in Microsoft Internet Explorer jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. | 5.0 |
| 2006-01-27 | CVE-2006-0057 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. | 7.5 |