CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » IE » 6.0.2600 : Security Vulnerabilities

Cpe Name:cpe:/a:microsoft:ie:6.0.2600
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-1545 119 DoS Overflow Mem. Corr. Bypass 2012-03-09 2012-03-12
5.8
None Remote Medium Not required None Partial Partial
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
2 CVE-2011-2382 20 2011-06-03 2011-06-14
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
3 CVE-2010-5071 264 +Info 2011-12-07 2012-03-07
5.0
None Remote Low Not required Partial None None
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
4 CVE-2010-1127 DoS Exec Code 2010-03-26 2010-03-29
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
5 CVE-2010-0248 94 Exec Code Mem. Corr. 2010-01-22 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
6 CVE-2010-0247 94 Exec Code Mem. Corr. 2010-01-22 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
7 CVE-2010-0244 94 Exec Code Mem. Corr. 2010-01-22 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
8 CVE-2009-3943 DoS 2009-11-16 2018-10-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property.
9 CVE-2009-3267 399 DoS 2009-09-18 2018-10-11
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
10 CVE-2009-2954 20 DoS 2009-08-24 2018-10-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
11 CVE-2009-2576 399 DoS 2009-07-22 2018-10-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
12 CVE-2009-2069 287 2009-06-15 2009-06-23
5.8
None Remote Medium Not required Partial Partial None
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
13 CVE-2009-2057 287 2009-06-15 2009-06-25
5.8
None Remote Medium Not required Partial Partial None
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
14 CVE-2007-5347 399 Exec Code Mem. Corr. 2007-12-11 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
15 CVE-2007-5344 94 Exec Code Mem. Corr. 2007-12-11 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
16 CVE-2007-4848 2007-09-12 2008-11-15
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
17 CVE-2007-3903 399 Exec Code Mem. Corr. 2007-12-11 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
18 CVE-2007-3902 189 Exec Code Mem. Corr. 2007-12-11 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
19 CVE-2006-7065 DoS 2007-03-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
20 CVE-2006-3513 DoS 2006-07-11 2017-07-19
5.0
None Remote Low Not required None None Partial
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
21 CVE-2006-3354 DoS 2006-07-05 2017-07-19
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
22 CVE-2006-1188 Exec Code Mem. Corr. 2006-04-11 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
23 CVE-2005-4827 Bypass 2005-12-31 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
24 CVE-2004-2307 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
25 CVE-2004-2011 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
26 CVE-2002-2435 200 +Info 2011-12-07 2017-08-28
4.3
None Remote Medium Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
27 CVE-2002-2125 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.