Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1742 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1262 1 Microsoft 1 Internet Explorer 2021-07-23 7.5 HIGH N/A
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.
CVE-2006-1303 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
CVE-2004-2011 1 Microsoft 1 Internet Explorer 2021-07-23 2.6 LOW N/A
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
CVE-2004-2307 1 Microsoft 2 Internet Explorer, Windows Xp 2021-07-23 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
CVE-2006-0057 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
CVE-2006-4687 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 5.1 MEDIUM N/A
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2004-0566 1 Microsoft 1 Internet Explorer 2021-07-23 7.5 HIGH N/A
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
CVE-2002-0691 1 Microsoft 1 Internet Explorer 2021-07-23 7.5 HIGH N/A
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.
CVE-2006-5884 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 7.5 HIGH N/A
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
CVE-2006-0585 1 Microsoft 1 Internet Explorer 2021-07-23 5.0 MEDIUM N/A
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.
CVE-2006-1186 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 10.0 HIGH N/A
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
CVE-2002-0136 1 Microsoft 1 Internet Explorer 2021-07-23 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
CVE-2000-0061 1 Microsoft 1 Internet Explorer 2021-07-23 10.0 HIGH N/A
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
CVE-2000-0465 1 Microsoft 1 Internet Explorer 2021-07-23 5.1 MEDIUM N/A
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
CVE-2000-0503 1 Microsoft 1 Internet Explorer 2021-07-23 2.6 LOW N/A
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
CVE-2007-0944 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2021-07-23 9.3 HIGH N/A
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
CVE-2010-0805 1 Microsoft 3 Internet Explorer, Windows 2000, Windows Xp 2021-07-23 9.3 HIGH N/A
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
CVE-2008-1086 1 Microsoft 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more 2021-07-23 9.3 HIGH N/A
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
CVE-2010-0491 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2021-07-23 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
CVE-2006-2382 1 Microsoft 1 Internet Explorer 2021-07-23 10.0 HIGH N/A
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."