Vulnerabilities > Microsoft > Internet Explorer > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-08-12 | CVE-2014-2817 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | 8.8 |
2014-06-11 | CVE-2014-2777 | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778. | 7.5 |
2014-04-27 | CVE-2014-1765 | Resource Management Errors vulnerability in Microsoft Internet Explorer Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. | 7.6 |
2014-04-27 | CVE-2014-1762 | Remote Code Execution vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014. | 7.5 |
2014-02-14 | CVE-2014-0322 | Use After Free vulnerability in Microsoft Internet Explorer 10/9 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. | 8.8 |
2013-10-09 | CVE-2013-3897 | Use After Free vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability." | 8.8 |
2013-07-10 | CVE-2013-3163 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/8/9 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151. | 8.8 |
2013-05-05 | CVE-2013-1347 | Use After Free vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. | 8.8 |
2013-03-11 | CVE-2013-2557 | Buffer Errors vulnerability in Microsoft Internet Explorer 9 The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013. | 7.5 |
2013-03-11 | CVE-2013-2552 | Remote Code Execution vulnerability in Microsoft Internet Explorer 10 Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. | 7.5 |