Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-11 | CVE-2006-3511 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference. | 5.0 |
| 2006-07-10 | CVE-2006-3472 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. | 5.0 |
| 2006-07-07 | CVE-2006-3427 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. | 5.0 |
| 2006-07-06 | CVE-2006-3354 | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. | 5.0 |
| 2006-06-28 | CVE-2006-3281 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. | 5.1 |
| 2006-06-23 | CVE-2006-3200 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. | 5.0 |
| 2006-06-13 | CVE-2006-2384 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | 4.3 |
| 2006-06-13 | CVE-2006-2378 | Unspecified vulnerability in Microsoft products Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. network microsoft | 6.8 |
| 2006-04-29 | CVE-2006-2094 | Race Condition vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | 5.1 |
| 2006-04-11 | CVE-2006-1191 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. | 4.0 |