| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2008-3173 | 264 | | | 2008-07-14 | 2017-08-07 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866. |
| 2 | CVE-2008-2949 | | | | 2008-06-30 | 2008-10-15 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. |
| 3 | CVE-2008-2948 | | | | 2008-06-30 | 2008-10-15 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. |
| 4 | CVE-2008-2841 | 94 | | Exec Code | 2008-06-24 | 2017-09-28 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. |
| 5 | CVE-2007-5347 | 399 | | Exec Code Mem. Corr. | 2007-12-11 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." |
| 6 | CVE-2007-5344 | 94 | | Exec Code Mem. Corr. | 2007-12-11 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." |
| 7 | CVE-2007-4041 | 78 | | Exec Code | 2007-07-27 | 2008-09-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. |
| 8 | CVE-2007-3903 | 399 | | Exec Code Mem. Corr. | 2007-12-11 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." |
| 9 | CVE-2007-3893 | 399 | | Exec Code Mem. Corr. | 2007-10-09 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. |
| 10 | CVE-2007-1091 | | | | 2007-02-26 | 2018-10-16 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. |
| 11 | CVE-2007-0943 | | | Exec Code Mem. Corr. | 2007-08-14 | 2018-10-12 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. |
| 12 | CVE-2006-5913 | | | | 2006-11-15 | 2018-10-17 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. |
| 13 | CVE-2006-5544 | | | | 2006-10-26 | 2018-10-17 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. |
| 14 | CVE-2006-5152 | | | XSS | 2006-10-05 | 2018-10-17 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032. |
| 15 | CVE-2006-3643 | 79 | | Exec Code XSS | 2006-08-08 | 2018-10-12 | 6.0 | User | Remote | Medium | Single system | Partial | Partial | Partial | Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." |
| 16 | CVE-2006-2378 | | | Exec Code Overflow | 2006-06-13 | 2018-10-12 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. |
| 17 | CVE-2004-0845 | | | +Info | 2004-11-03 | 2018-10-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. |
| 18 | CVE-2002-2311 | 264 | | | 2002-12-31 | 2008-09-05 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. |
| 19 | CVE-2002-2125 | | | | 2002-12-31 | 2008-09-05 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. |
| 20 | CVE-2002-1188 | | | +Info | 2002-12-11 | 2018-10-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." |
| 21 | CVE-2002-1187 | | | XSS | 2002-12-11 | 2018-10-12 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. |
| 22 | CVE-2002-0976 | | | | 2002-09-24 | 2016-10-17 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. |
| 23 | CVE-2001-0723 | | | | 2001-11-14 | 2018-10-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." |
| 24 | CVE-2001-0722 | | | | 2001-12-06 | 2018-10-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." |