Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-29 | CVE-2008-4787 | Unspecified vulnerability in Microsoft Internet Explorer 6 Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. network microsoft | 5.8 |
| 2008-10-02 | CVE-2008-4381 | Resource Management Errors vulnerability in Microsoft Internet Explorer 5/6/7 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | 5.0 |
| 2008-09-30 | CVE-2008-4326 | Cross-Site Scripting vulnerability in PHPmyadmin The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | 4.3 |
| 2008-09-18 | CVE-2008-4127 | Resource Management Errors vulnerability in Microsoft Internet Explorer 7.0.5730/8.0.6001 Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function. | 4.3 |
| 2008-09-15 | CVE-2008-4071 | Improper Input Validation vulnerability in Adobe Acrobat 9 A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | 5.0 |
| 2008-07-14 | CVE-2008-3173 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. | 6.8 |
| 2008-06-30 | CVE-2008-2949 | Unspecified vulnerability in Microsoft Internet Explorer 6/7 Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. network microsoft | 6.8 |
| 2008-06-30 | CVE-2008-2948 | Unspecified vulnerability in Microsoft Internet Explorer 7/8 Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. network microsoft | 6.8 |
| 2008-06-30 | CVE-2008-2947 | Improper Access Control vulnerability in Microsoft Internet Explorer 5.01/6/7 Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | 6.8 |
| 2008-06-24 | CVE-2008-2841 | Code Injection vulnerability in multiple products Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | 6.8 |