| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-1545 |
119 |
|
DoS Overflow Mem. Corr. Bypass |
2012-03-09 |
2012-03-12 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. |
|
2 |
CVE-2011-4689 |
264 |
|
|
2011-12-07 |
2012-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. |
|
3 |
CVE-2011-1244 |
264 |
|
+Info |
2011-04-13 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." |
|
4 |
CVE-2010-5071 |
264 |
|
+Info |
2011-12-07 |
2012-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
|
5 |
CVE-2010-1991 |
399 |
|
DoS |
2010-05-20 |
2010-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. |
|
6 |
CVE-2010-1127 |
|
|
DoS Exec Code |
2010-03-26 |
2010-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement. |
|
7 |
CVE-2009-4073 |
200 |
|
+Info |
2009-11-24 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. |
|
8 |
CVE-2009-3943 |
|
|
DoS |
2009-11-16 |
2009-11-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. |
|
9 |
CVE-2009-3270 |
399 |
|
DoS |
2009-09-18 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. |
|
10 |
CVE-2009-3267 |
399 |
|
DoS |
2009-09-18 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. |
|
11 |
CVE-2009-2954 |
20 |
|
DoS |
2009-08-24 |
2010-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. |
|
12 |
CVE-2009-2576 |
399 |
|
DoS |
2009-07-22 |
2009-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. |
|
13 |
CVE-2009-2069 |
287 |
|
|
2009-06-15 |
2009-06-23 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. |
|
14 |
CVE-2009-2057 |
287 |
|
|
2009-06-15 |
2009-06-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. |
|
15 |
CVE-2008-7295 |
264 |
|
|
2011-08-09 |
2012-08-02 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. |
|
16 |
CVE-2008-0090 |
119 |
1
|
DoS Overflow |
2008-01-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. |
|
17 |
CVE-2007-5355 |
|
|
|
2007-12-05 |
2008-09-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. |
|
18 |
CVE-2007-3497 |
|
|
|
2007-06-29 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. |
|
19 |
CVE-2007-3481 |
119 |
|
Overflow Bypass |
2007-06-28 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain. |
|
20 |
CVE-2007-3164 |
|
|
|
2007-06-11 |
2008-11-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. |
|
21 |
CVE-2007-2161 |
|
|
DoS |
2007-04-22 |
2008-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
|
22 |
CVE-2007-0356 |
|
|
DoS |
2007-01-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. |
|
23 |
CVE-2006-7065 |
|
|
DoS |
2007-03-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. |
|
24 |
CVE-2006-7031 |
|
1
|
DoS |
2007-02-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. |
|
25 |
CVE-2006-7030 |
|
|
DoS |
2007-02-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. |
|
26 |
CVE-2006-7029 |
|
|
DoS |
2007-02-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. |
|
27 |
CVE-2006-6659 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. |
|
28 |
CVE-2006-6311 |
|
|
DoS |
2006-12-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript. |
|
29 |
CVE-2006-6310 |
|
|
DoS |
2006-12-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
30 |
CVE-2006-5805 |
|
|
|
2006-11-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. |
|
31 |
CVE-2006-5162 |
|
|
DoS Overflow |
2006-10-05 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. |
|
32 |
CVE-2006-4888 |
|
|
DoS |
2006-09-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. |
|
33 |
CVE-2006-4687 |
119 |
|
Exec Code Overflow Mem. Corr. |
2006-11-14 |
2011-10-03 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
|
34 |
CVE-2006-4446 |
|
|
DoS Exec Code Overflow |
2006-08-29 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. |
|
35 |
CVE-2006-4301 |
20 |
1
|
DoS |
2006-08-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. |
|
36 |
CVE-2006-3944 |
|
|
DoS Overflow |
2006-07-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. |
|
37 |
CVE-2006-3915 |
|
|
DoS |
2006-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. |
|
38 |
CVE-2006-3910 |
|
|
DoS |
2006-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. |
|
39 |
CVE-2006-3899 |
|
|
DoS |
2006-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. |
|
40 |
CVE-2006-3898 |
|
|
DoS |
2006-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. |
|
41 |
CVE-2006-3897 |
|
|
DoS Overflow |
2006-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. |
|
42 |
CVE-2006-3659 |
|
|
DoS |
2006-07-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. |
|
43 |
CVE-2006-3658 |
|
|
DoS |
2006-07-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. |
|
44 |
CVE-2006-3657 |
|
|
DoS Overflow |
2006-07-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property. |
|
45 |
CVE-2006-3640 |
|
|
+Info |
2006-08-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." |
|
46 |
CVE-2006-3637 |
|
|
Exec Code Mem. Corr. |
2006-08-08 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
|
47 |
CVE-2006-3605 |
|
|
DoS |
2006-07-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. |
|
48 |
CVE-2006-3591 |
|
|
DoS |
2006-07-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference. |
|
49 |
CVE-2006-3545 |
|
|
DoS |
2006-07-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3. |
|
50 |
CVE-2006-3513 |
|
|
DoS |
2006-07-11 |
2008-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. |
