Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-29 | CVE-2006-6956 | Improper Input Validation vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
| 2006-12-06 | CVE-2006-6311 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900.2180 Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript. | 5.0 |
| 2006-12-06 | CVE-2006-6310 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. | 5.0 |
| 2006-11-14 | CVE-2006-4687 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 5.1 |
| 2006-10-05 | CVE-2006-5162 | Unspecified vulnerability in Microsoft Internet Explorer wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. | 5.0 |
| 2006-10-05 | CVE-2006-5152 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032. network microsoft | 6.8 |
| 2006-08-09 | CVE-2006-3643 | Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." | 6.0 |
| 2006-08-09 | CVE-2006-3640 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | 5.0 |
| 2006-08-08 | CVE-2006-3637 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 5.1 |
| 2006-07-28 | CVE-2006-3915 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. | 5.0 |