CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Internet Explorer » 10 : Security Vulnerabilities (Bypass)

Cpe Name:cpe:/a:microsoft:internet_explorer:10
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1220 732 Bypass 2019-09-11 2019-09-13
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.
2 CVE-2019-1192 254 Bypass 2019-08-14 2019-08-20
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
3 CVE-2019-0761 254 Bypass 2019-04-08 2019-04-09
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.
4 CVE-2018-0949 Bypass 2018-07-10 2019-10-02
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
5 CVE-2017-8592 200 Bypass +Info 2017-07-11 2017-07-19
4.3
None Remote Medium Not required Partial None None
Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".
6 CVE-2017-0064 Bypass 2017-05-12 2019-10-02
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."
7 CVE-2016-7281 254 Bypass 2016-12-20 2018-10-12
2.6
None Remote High Not required None Partial None
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
8 CVE-2016-7199 200 Bypass +Info 2016-11-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
9 CVE-2016-3353 254 Bypass 2016-09-14 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."
10 CVE-2016-3292 20 Bypass 2016-09-14 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
11 CVE-2016-3245 284 Bypass 2016-07-12 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
12 CVE-2016-0194 200 Bypass +Info 2016-05-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
13 CVE-2016-0069 264 Bypass 2016-02-18 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.
14 CVE-2016-0068 264 Bypass 2016-02-18 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.
15 CVE-2016-0005 20 Bypass 2016-01-13 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
16 CVE-2015-6164 20 XSS Bypass 2015-12-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."
17 CVE-2015-6161 200 Bypass +Info 2015-12-09 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
18 CVE-2015-6144 79 XSS Bypass 2015-12-09 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Browser XSS Filter Bypass Vulnerability."
19 CVE-2015-6138 79 XSS Bypass 2015-12-09 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Internet Explorer XSS Filter Bypass Vulnerability."
20 CVE-2015-6088 200 Bypass +Info 2015-11-11 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
21 CVE-2015-6052 200 Bypass +Info 2015-10-13 2018-10-12
4.3
None Remote Medium Not required Partial None None
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
22 CVE-2015-6047 264 +Priv Bypass 2015-10-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
23 CVE-2015-2449 200 Bypass +Info 2015-08-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."
24 CVE-2015-2445 200 Bypass +Info 2015-08-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."
25 CVE-2015-2421 200 Bypass +Info 2015-07-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
26 CVE-2015-2398 79 XSS Bypass 2015-07-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."
27 CVE-2015-1686 200 Bypass +Info 2015-05-13 2018-10-12
4.3
None Remote Medium Not required Partial None None
The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
28 CVE-2015-1684 200 Bypass +Info 2015-05-13 2018-10-12
4.3
None Remote Medium Not required Partial None None
VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass."
29 CVE-2015-1661 264 Bypass 2015-04-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
30 CVE-2015-0072 79 XSS Bypass 2015-02-07 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."
31 CVE-2015-0071 264 Bypass 2015-02-10 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
32 CVE-2015-0069 264 Bypass 2015-02-10 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
33 CVE-2014-6365 20 XSS Bypass 2014-12-10 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328.
34 CVE-2014-6328 20 XSS Bypass 2014-12-10 2018-10-12
5.0
None Remote Low Not required None Partial None
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365.
35 CVE-2014-4140 264 Bypass 2014-10-15 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
36 CVE-2014-2783 264 Bypass 2014-07-08 2018-10-12
6.4
None Remote Low Not required Partial Partial None
Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."
37 CVE-2014-1764 264 Exec Code Bypass 2014-04-27 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
38 CVE-2014-1763 399 Exec Code Bypass 2014-04-27 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
39 CVE-2014-1762 Exec Code Bypass 2014-04-27 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.
40 CVE-2014-0268 264 Bypass 2014-02-11 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
41 CVE-2013-5046 20 Exec Code +Priv Bypass 2013-12-10 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
42 CVE-2013-5045 20 1 Exec Code +Priv Bypass 2013-12-10 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
43 CVE-2013-4015 264 Exec Code +Priv Bypass 2013-07-26 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
44 CVE-2013-3908 200 Bypass +Info 2013-11-12 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosure Vulnerability."
45 CVE-2013-2552 Bypass 2013-03-11 2013-03-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.