Vulnerabilities > Microsoft > Internet Explorer > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-06 | CVE-2007-3075 | Unspecified vulnerability in Microsoft Internet Explorer Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. | 7.8 |
2007-04-26 | CVE-2007-2291 | Unspecified vulnerability in Microsoft Internet Explorer 7.0.5730.11 CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. | 7.5 |
2007-03-02 | CVE-2006-7066 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. network microsoft | 7.1 |
2007-02-26 | CVE-2007-1094 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. | 7.8 |
2007-01-31 | CVE-2007-0612 | Unspecified vulnerability in Microsoft IE and Internet Explorer Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. | 7.8 |
2006-11-14 | CVE-2006-5884 | Unspecified vulnerability in Microsoft IE and Internet Explorer Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | 7.5 |
2006-08-17 | CVE-2006-4193 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. | 7.5 |
2006-08-09 | CVE-2006-3639 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." | 7.5 |
2006-08-08 | CVE-2006-3638 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | 7.5 |
2006-08-08 | CVE-2006-3450 | Improper Input Validation vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | 7.5 |