Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-09 | CVE-2007-3893 | Resource Management Errors vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. | 6.8 |
| 2007-10-08 | CVE-2007-5277 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. network microsoft | 4.3 |
| 2007-10-01 | CVE-2007-5158 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. network microsoft | 4.3 |
| 2007-09-12 | CVE-2007-4848 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. network microsoft | 4.3 |
| 2007-08-22 | CVE-2007-4478 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. network microsoft | 4.3 |
| 2007-08-14 | CVE-2007-0943 | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. network microsoft | 6.8 |
| 2007-08-08 | CVE-2007-4227 | Unspecified vulnerability in Microsoft Internet Explorer 6.0/7 Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. network microsoft | 4.3 |
| 2007-07-27 | CVE-2007-4041 | OS Command Injection vulnerability in multiple products Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
| 2007-07-24 | CVE-2007-3954 | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | 4.3 |
| 2007-07-21 | CVE-2007-3930 | Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. | 4.3 |