Vulnerabilities > Microsoft > Internet Explorer > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2011-12-07 | CVE-2010-5071 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer | 5.0
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
network | low complexity | microsoft | CWE-264

2011-12-07 | CVE-2002-2435 | Information Exposure vulnerability in Microsoft IE and Internet Explorer | 4.3
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
network | microsoft | CWE-200

2011-08-10 | CVE-2011-1962 | Improper Input Validation vulnerability in Microsoft Internet Explorer | 4.3
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
network | microsoft | CWE-20

2011-08-10 | CVE-2011-1960 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Internet Explorer | 4.3
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
network | microsoft | CWE-668

2011-08-09 | CVE-2008-7295 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer | 5.8
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
network | microsoft | CWE-264

2011-06-16 | CVE-2011-1258 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Internet Explorer 6/7/8 | 4.3
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
network | microsoft | CWE-668

2011-06-16 | CVE-2011-1246 | Information Exposure vulnerability in Microsoft Internet Explorer 8 | 4.3
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
network | microsoft | CWE-200

2011-04-15 | CVE-2011-1713 | Information Exposure vulnerability in Microsoft Internet Explorer 8 | 4.3
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
network | microsoft | CWE-200

2011-04-13 | CVE-2011-1244 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Microsoft Internet Explorer 6/7/8 | 5.8
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."

2010-12-16 | CVE-2010-3348 | Information Exposure vulnerability in Microsoft Internet Explorer 6/7/8 | 4.3
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
network | microsoft | CWE-200