Total
1742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4842 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.1 HIGH | N/A |
| The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||
| CVE-2007-0947 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Vista and 1 more | 2021-07-23 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. | |||||
| CVE-2007-0946 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Vista and 1 more | 2021-07-23 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. | |||||
| CVE-2007-0942 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | |||||
| CVE-2007-3341 | 1 Microsoft | 2 All Windows, Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | |||||
| CVE-2007-2222 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | |||||
| CVE-2007-2221 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | |||||
| CVE-2008-1545 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
| The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. | |||||
| CVE-2010-1991 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | |||||
| CVE-2006-4697 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | |||||
| CVE-2007-0945 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." | |||||
| CVE-2007-4356 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | |||||
| CVE-2009-1412 | 2 Google, Microsoft | 2 Chrome, Internet Explorer | 2021-07-23 | 7.8 HIGH | N/A |
| Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. | |||||
| CVE-2009-2576 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. | |||||
| CVE-2005-1790 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability." | |||||
| CVE-2005-2087 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. | |||||
| CVE-2005-4827 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. | |||||
| CVE-2008-0090 | 2 Divx, Microsoft | 2 Divx Player, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. | |||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2021-07-23 | 6.8 MEDIUM | N/A |
| Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
| CVE-2009-2954 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||