# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2008-1085 |
94 |
|
Exec Code Mem. Corr. |
2008-04-08 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. |
2 |
CVE-2008-0078 |
94 |
|
Exec Code Mem. Corr. |
2008-02-12 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." |
3 |
CVE-2008-0076 |
94 |
|
Exec Code Mem. Corr. |
2008-02-12 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." |
4 |
CVE-2006-7065 |
|
|
DoS |
2007-03-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. |
5 |
CVE-2006-3944 |
|
|
DoS Overflow |
2006-07-31 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. |
6 |
CVE-2006-3943 |
|
|
DoS Overflow |
2006-07-31 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. |
7 |
CVE-2006-3354 |
|
|
DoS |
2006-07-05 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. |
8 |
CVE-2006-2900 |
200 |
|
+Info |
2006-06-07 |
2011-10-11 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. |
9 |
CVE-2006-2056 |
|
|
|
2006-04-26 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
10 |
CVE-2006-1192 |
20 |
|
|
2006-04-11 |
2018-10-12 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. |
11 |
CVE-2006-1188 |
|
|
Exec Code Mem. Corr. |
2006-04-11 |
2018-10-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. |
12 |
CVE-2006-1185 |
|
|
Exec Code Mem. Corr. |
2006-04-11 |
2018-10-12 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. |
13 |
CVE-2006-0753 |
|
|
DoS |
2006-02-17 |
2018-10-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. |
14 |
CVE-2005-4827 |
|
|
Bypass |
2005-12-31 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. |
15 |
CVE-2005-4679 |
|
|
|
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. |