Internet Explorer

internet_explorer

Vendor: Microsoft • 1,635 CVEs

CVEs (1,635)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-0946 1Microsoft 1Internet Explorer Apr 23, 2026 May 8, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in...Show more Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.Show less
CVE-2007-0945 1Microsoft 1Internet Explorer Apr 23, 2026 May 8, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods t...Show more Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."Show less
CVE-2007-0944 1Microsoft 2Ie Internet Explorer Apr 23, 2026 May 8, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allow...Show more Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."Show less
CVE-2007-0942 1Microsoft 2Ie Internet Explorer Apr 23, 2026 May 8, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain CO...Show more Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.Show less
CVE-2007-2292 2Microsoft Mozilla 3Firefox Internet ExplorerSeamonkey Apr 23, 2026 Apr 26, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the...Show more CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.Show less
CVE-2007-2291 1Microsoft 1Internet Explorer Apr 23, 2026 Apr 26, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
CVE-2007-2161 1Microsoft 1Internet Explorer Apr 23, 2026 Apr 22, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2007-1765 2Avaya Microsoft 10Definity One Media Server IeInternet Explorer+7 more Apr 23, 2026 Mar 30, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory c...Show more Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.Show less
CVE-2006-7066 1Microsoft 1Internet Explorer Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then ac...Show more Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.Show less
CVE-2006-7065 2Canon Microsoft 3Ie Internet ExplorerNetwork Camera Server Vb101 Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a n...Show more Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.Show less
CVE-2007-1094 1Microsoft 1Internet Explorer Apr 23, 2026 Feb 26, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
CVE-2007-1091 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Feb 26, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
CVE-2006-7031 1Microsoft 1Internet Explorer Apr 23, 2026 Feb 23, 2007 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" i...Show more Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.Show less
CVE-2006-7029 1Microsoft 1Internet Explorer Apr 23, 2026 Feb 23, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related...Show more Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.Show less
CVE-2007-0219 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Feb 13, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified...Show more Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.Show less
CVE-2007-0217 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Feb 13, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be w...Show more The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.Show less
CVE-2006-4697 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Feb 13, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be relat...Show more Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.Show less
CVE-2007-0612 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Jan 31, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor...Show more Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.Show less
CVE-2006-6956 1Microsoft 1Internet Explorer Apr 23, 2026 Jan 29, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2007-0024 1Microsoft 2Ie Internet Explorer Apr 23, 2026 Jan 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute...Show more Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."Show less

Previous 1...656667...82 Next