Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-17 | CVE-2013-2408 | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. | 4.3 |
| 2013-02-13 | CVE-2013-0015 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." | 4.3 |
| 2013-01-29 | CVE-2013-1451 | Configuration vulnerability in Microsoft Internet Explorer 8/9 Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450. | 4.0 |
| 2013-01-29 | CVE-2013-1450 | Configuration vulnerability in Microsoft Internet Explorer 8/9 Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd. | 4.0 |
| 2012-03-09 | CVE-2012-1545 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. | 5.8 |
| 2012-02-14 | CVE-2012-0012 | Improper Initialization vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." | 4.3 |
| 2012-02-14 | CVE-2012-0010 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." | 4.3 |
| 2011-12-14 | CVE-2011-3404 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." | 4.3 |
| 2011-12-14 | CVE-2011-1992 | Cross-site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." | 4.3 |
| 2011-12-07 | CVE-2011-4689 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | 5.0 |