Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-16 | CVE-2010-3342 | Information Exposure vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. | 4.3 |
| 2010-10-08 | CVE-2010-3886 | Information Exposure vulnerability in Microsoft Internet Explorer 8 The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. | 4.3 |
| 2010-09-17 | CVE-2010-3324 | Cross-Site Scripting vulnerability in Microsoft products The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. | 4.3 |
| 2010-06-24 | CVE-2010-2442 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | 4.3 |
| 2010-06-01 | CVE-2010-2119 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900.2180 Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. | 4.3 |
| 2010-06-01 | CVE-2010-2118 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. | 4.3 |
| 2010-05-27 | CVE-2010-2091 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2007 Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | 4.3 |
| 2010-05-20 | CVE-2010-1991 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | 5.0 |
| 2010-05-07 | CVE-2010-1852 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | 4.3 |
| 2010-04-20 | CVE-2010-1489 | Cross-site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. | 4.3 |