cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
Max CVSS
9.3
EPSS Score
52.11%
Published
2008-04-08
Updated
2018-10-12
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
78.61%
Published
2008-02-12
Updated
2018-10-12
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
89.80%
Published
2008-02-12
Updated
2018-10-12
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
Max CVSS
5.0
EPSS Score
3.55%
Published
2007-03-02
Updated
2021-07-23
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
Max CVSS
7.5
EPSS Score
1.73%
Published
2006-11-14
Updated
2021-07-23
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
Max CVSS
2.6
EPSS Score
4.87%
Published
2006-12-12
Updated
2018-10-17
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
Max CVSS
4.3
EPSS Score
7.73%
Published
2006-12-12
Updated
2018-10-17
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
Max CVSS
5.0
EPSS Score
3.49%
Published
2006-09-19
Updated
2008-09-05
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Max CVSS
5.1
EPSS Score
57.40%
Published
2006-11-14
Updated
2021-07-23
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
Max CVSS
7.5
EPSS Score
53.14%
Published
2006-09-06
Updated
2018-10-17
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
Max CVSS
5.0
EPSS Score
72.63%
Published
2006-07-18
Updated
2021-07-23
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
Max CVSS
5.0
EPSS Score
51.04%
Published
2006-07-18
Updated
2021-07-23
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
Max CVSS
5.0
EPSS Score
72.63%
Published
2006-07-18
Updated
2021-07-23
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
Max CVSS
6.0
EPSS Score
2.09%
Published
2006-08-09
Updated
2021-07-23
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
Max CVSS
5.0
EPSS Score
81.24%
Published
2006-08-09
Updated
2021-07-23
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
Max CVSS
7.5
EPSS Score
45.60%
Published
2006-08-09
Updated
2021-07-23
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Max CVSS
5.1
EPSS Score
96.20%
Published
2006-08-08
Updated
2021-07-23
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
72.03%
Published
2006-08-08
Updated
2018-10-18
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
Max CVSS
5.0
EPSS Score
92.61%
Published
2006-07-06
Updated
2021-07-23
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Max CVSS
4.0
EPSS Score
95.04%
Published
2006-06-07
Updated
2011-10-11
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
Max CVSS
5.0
EPSS Score
3.06%
Published
2006-04-11
Updated
2018-10-18
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
Max CVSS
2.6
EPSS Score
95.10%
Published
2006-04-11
Updated
2021-07-23
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
Max CVSS
7.5
EPSS Score
93.58%
Published
2006-04-11
Updated
2021-07-23
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
Max CVSS
10.0
EPSS Score
94.58%
Published
2006-04-11
Updated
2021-07-23
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
Max CVSS
7.5
EPSS Score
91.75%
Published
2006-04-11
Updated
2021-07-23
42 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!