cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
Max CVSS
5.0
EPSS Score
0.24%
Published
2009-11-24
Updated
2021-07-23
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property.
Max CVSS
5.0
EPSS Score
0.20%
Published
2009-11-16
Updated
2022-02-28
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
Max CVSS
9.3
EPSS Score
92.44%
Published
2009-12-09
Updated
2023-12-07
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
80.41%
Published
2009-12-09
Updated
2023-12-07

CVE-2009-3672

Public exploit
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
Max CVSS
9.3
EPSS Score
71.60%
Published
2009-12-02
Updated
2023-12-07
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
Max CVSS
9.3
EPSS Score
92.44%
Published
2009-12-09
Updated
2023-12-07
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
Max CVSS
5.0
EPSS Score
0.87%
Published
2009-09-18
Updated
2022-02-28
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
Max CVSS
5.0
EPSS Score
0.69%
Published
2009-09-18
Updated
2022-02-28
Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.
Max CVSS
5.0
EPSS Score
40.48%
Published
2009-08-31
Updated
2017-09-19
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Max CVSS
4.3
EPSS Score
2.04%
Published
2009-08-28
Updated
2017-09-19
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.
Max CVSS
7.8
EPSS Score
6.31%
Published
2009-08-05
Updated
2009-08-06
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
Max CVSS
4.3
EPSS Score
1.78%
Published
2009-08-03
Updated
2017-09-19
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS
4.3
EPSS Score
4.44%
Published
2009-07-20
Updated
2018-10-10
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
Max CVSS
9.3
EPSS Score
93.24%
Published
2009-10-14
Updated
2023-12-07
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
Max CVSS
9.3
EPSS Score
93.24%
Published
2009-10-14
Updated
2023-12-07
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
Max CVSS
9.3
EPSS Score
50.71%
Published
2009-10-14
Updated
2023-12-07
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
Max CVSS
4.3
EPSS Score
1.36%
Published
2009-07-10
Updated
2021-07-23
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Max CVSS
5.8
EPSS Score
0.10%
Published
2009-06-15
Updated
2021-07-23
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Max CVSS
6.8
EPSS Score
0.22%
Published
2009-06-15
Updated
2018-10-30
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Max CVSS
5.8
EPSS Score
0.33%
Published
2009-06-15
Updated
2021-07-23
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
88.26%
Published
2009-07-29
Updated
2023-12-07
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
Max CVSS
10.0
EPSS Score
95.45%
Published
2009-07-29
Updated
2023-12-07
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
92.48%
Published
2009-07-29
Updated
2023-12-07
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
95.57%
Published
2009-10-14
Updated
2023-12-07
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
92.47%
Published
2009-06-10
Updated
2023-12-07
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!