Vulnerabilities > Microsoft > Internet Explorer > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-29 | CVE-2010-1175 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." | 9.3 |
| 2010-03-25 | CVE-2010-1118 | Unspecified vulnerability in Microsoft Internet Explorer 8 Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. | 10.0 |
| 2010-01-22 | CVE-2010-0247 | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
| 2009-06-10 | CVE-2009-1141 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | 9.3 |
| 2009-04-15 | CVE-2009-0552 | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
| 2009-03-23 | CVE-2009-1043 | Unspecified vulnerability in Microsoft Internet Explorer 8 Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | 10.0 |
| 2009-02-10 | CVE-2009-0075 | Resource Management Errors vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
| 2009-02-10 | CVE-2009-0305 | Buffer Errors vulnerability in Research in Motion Limited Blackberry Application web Loader 1.0 Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method. | 9.3 |
| 2009-01-29 | CVE-2009-0341 | Buffer Errors vulnerability in Microsoft Internet Explorer 7 The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. | 9.3 |
| 2008-12-12 | CVE-2008-5520 | Improper Input Validation vulnerability in Ahnlab V3 Internet Security 2008.12.4.1/2008.9.13.0 AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |