Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Explorer
Subscriptions
Total
1744 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3902 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | N/A |
| Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2008-3023 | 2 Fswiki, Microsoft | 2 Freestyle Wiki, Internet Explorer | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799. | ||||
| CVE-2008-4844 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. | ||||
| CVE-2008-5534 | 2 Eset, Microsoft | 2 Nod32 Antivirus, Internet Explorer | 2025-04-09 | N/A |
| ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-5541 | 2 Microsoft, Sophos | 2 Internet Explorer, Anti-virus | 2025-04-09 | N/A |
| Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2009-0341 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | N/A |
| The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. | ||||
| CVE-2009-0552 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2009-1528 | 1 Microsoft | 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." | ||||
| CVE-2007-3958 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 95 and 5 more | 2025-04-09 | N/A |
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. | ||||
| CVE-2007-0099 | 1 Microsoft | 2 Internet Explorer, Xml Core Services | 2025-04-09 | N/A |
| Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | ||||
| CVE-2009-2500 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | N/A |
| Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability." | ||||
| CVE-2009-0369 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | ||||
| CVE-2009-0305 | 2 Microsoft, Research In Motion Limited | 2 Internet Explorer, Blackberry Application Web Loader | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method. | ||||
| CVE-2007-5355 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2008-0454 | 2 Microsoft, Skype Technologies | 3 Internet Explorer, Windows, Skype | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." | ||||
| CVE-2008-1368 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. | ||||
| CVE-2008-1873 | 2 Microsoft, Tru-zone | 2 Internet Explorer, Nukeet | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2257 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. | ||||
| CVE-2008-2258 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. | ||||
| CVE-2008-2281 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document. | ||||