CVE Daily
← All tags

Tag: Internet Explorer

All CVEs associated with "Internet Explorer". Page 11/17 • 2029 CVEs.

Subscribe CVEs: RSS for “Internet Explorer”  ·  RSS (High+Critical only)

About “Internet Explorer”

A curated feed of “Internet Explorer”-related CVEs appears below. We currently track 2029 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 7.3 (all time; 8.1 over 365d), and 64% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-787 - Out-of-bounds Write, CWE-319 - Cleartext Transmission of Sensitive Information.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2010-10-13
Medium

CVE-2010-3243

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoin…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2010-0808

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive f…

CVSS: 2.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-10-08
Medium

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-09-17
Medium

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2,…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-08-30
Critical

CVE-2010-3001

Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and…

CVSS: 9.3 CWE: N/A View on NVD
2010-08-11
Critical

CVE-2010-2560

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialize…

CVSS: 9.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2010-2559

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Critical

CVE-2010-2558

Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory…

CVSS: 9.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2010-2557

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Critical

CVE-2010-2556

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialize…

CVSS: 9.3 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2010-1258

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sen…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-07-15
Critical

CVE-2010-1881

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Exp…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0814

The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer duri…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2010-07-06
Medium

CVE-2010-2479

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web sc…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-06-24
Medium

CVE-2010-2442

Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."

CVSS: 4.3 CWE: CWE-264 View on NVD
Medium

CVE-2010-2429

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-06-08
Critical

CVE-2010-1262

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-1261

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initializ…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2010-1260

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initializ…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-1259

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0811

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2010-1647

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-06-01
Medium

CVE-2010-2119

Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2010-2118

Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates I…

CVSS: 4.3 CWE: CWE-399 View on NVD
2010-05-27
Medium

CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-05-20
Medium

CVE-2010-1991

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attacker…

CVSS: 5.0 CWE: CWE-399 View on NVD
2010-05-07
Medium

CVE-2010-1852

Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identi…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-04-23
Medium

CVE-2009-4804

Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-04-20
Medium

CVE-2010-1489

The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites t…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-03-31
Critical

CVE-2010-0807

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTM…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0805

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataUR…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2010-0494

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2010-0492

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and de…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0491

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an o…

CVSS: 9.3 CWE: CWE-399 View on NVD
Critical

CVE-2010-0490

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0489

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condit…

CVSS: 9.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2010-0488

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive info…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initia…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2010-03-29
Critical

CVE-2010-1175

Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC at…

CVSS: 9.3 CWE: N/A View on NVD
2010-03-26
Medium

CVE-2010-1127

Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer…

CVSS: 5.0 CWE: N/A View on NVD
2010-03-25
Critical

CVE-2010-1118

Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstra…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2010-1117

Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via u…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-03-24
High

CVE-2010-1098

The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption…

CVSS: 7.1 CWE: CWE-399 View on NVD
2010-03-10
High

CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving acc…

CVSS: 8.8 CWE: CWE-399 View on NVD
2010-03-03
High

CVE-2010-0917

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbit…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute ar…

CVSS: 7.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2010-02-18
Medium

CVE-2010-0652

Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-02-04
Medium

CVE-2010-0255

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and…

CVSS: 4.3 CWE: CWE-264 View on NVD
Critical

CVE-2010-0555

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and…

CVSS: 9.3 CWE: N/A View on NVD
2010-01-28
Medium

CVE-2004-2765

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to injec…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-01-22
High

CVE-2010-0248

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0247

Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0246

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0245

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0244

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2010-0027

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2010-01-15
High

CVE-2010-0249

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2009-12-30
Medium

CVE-2009-4459

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary scr…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-12-09
Critical

CVE-2009-3674

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 9.3 CWE: CWE-399 View on NVD
Critical

CVE-2009-3673

Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2009-3671

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…

CVSS: 8.1 CWE: CWE-399 View on NVD
2009-12-02
Critical

CVE-2009-3672

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via v…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-11-25
Medium

CVE-2009-4074

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inhe…

CVSS: 4.3 CWE: N/A View on NVD
2009-11-24
Medium

CVE-2009-4073

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2009-11-20
Medium

CVE-2009-4040

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-11-19
Medium

CVE-2009-3977

Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption)…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-11-16
Medium

CVE-2009-3943

Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home…

CVSS: 5.0 CWE: N/A View on NVD
2009-11-12
Critical

CVE-2009-3931

Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Dispo…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2009-11-04
Medium

CVE-2009-3860

Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only…

CVSS: 5.8 CWE: CWE-264 View on NVD
2009-10-27
Medium

CVE-2009-3803

Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-10-14
Critical

CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP…

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2009-2531

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2009-2530

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2009-2510

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used…

CVSS: 6.8 CWE: CWE-310 View on NVD
Critical

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 20…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Vis…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP…

CVSS: 9.3 CWE: CWE-189 View on NVD
High

CVE-2009-1547

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption,…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-09-18
Medium

CVE-2009-3270

Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack…

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2009-3267

Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN…

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2009-09-09
High

CVE-2009-3114

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machi…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-09-08
Critical

CVE-2009-1920

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allow…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-09-01
Medium

CVE-2009-3038

A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of servi…

CVSS: 4.3 CWE: N/A View on NVD
2009-08-31
Medium

CVE-2009-3019

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls crea…

CVSS: 5.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-08-28
Medium

CVE-2009-3003

Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demon…

CVSS: 4.3 CWE: N/A View on NVD
2009-08-24
Medium

CVE-2009-2954

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2003-1574

TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some o…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2009-08-14
Medium

CVE-2009-2764

Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIP…

CVSS: 5.0 CWE: N/A View on NVD
2009-08-05
High

CVE-2009-2668

Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series o…

CVSS: 7.8 CWE: CWE-399 View on NVD
2009-08-03
Medium

CVE-2008-6893

Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2009-2655

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted U…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2009-07-29
Critical

CVE-2009-1919

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Go…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2009-1918

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Go…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2009-1917

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and…

CVSS: 9.3 CWE: CWE-399 View on NVD
2009-07-22
Medium

CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a relat…

CVSS: 5.0 CWE: CWE-399 View on NVD
2009-07-20
Medium

CVE-2009-2536

Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select o…

CVSS: 4.3 CWE: CWE-399 View on NVD
2009-07-15
Critical

CVE-2009-1136

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-07-10
Medium

CVE-2009-2433

Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impac…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-07-07
Medium

CVE-2009-2350

Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-06-15
Medium

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbi…

CVSS: 5.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2009-2064

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbit…

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-mi…

CVSS: 5.8 CWE: CWE-287 - Improper Authentication View on NVD
2009-06-10
High

CVE-2009-1532

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows rem…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2009-1531

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via freque…

CVSS: 9.3 CWE: CWE-399 View on NVD
Critical

CVE-2009-1530

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to e…

CVSS: 9.3 CWE: CWE-399 View on NVD
High

CVE-2009-1529

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows rem…

CVSS: 8.1 CWE: CWE-399 View on NVD
Critical

CVE-2009-1528

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, whi…

CVSS: 9.3 CWE: CWE-399 View on NVD
Critical

CVE-2009-1141

Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "in…

CVSS: 9.3 CWE: CWE-399 View on NVD
High

CVE-2009-1140

Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering…

CVSS: 7.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2009-06-01
Low

CVE-2009-1844

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte se…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-05-29
Low

CVE-2009-1823

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject a…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-05-06
Medium

CVE-2009-1575

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted U…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-04-24
High

CVE-2009-1412

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2009-04-17
Medium

CVE-2009-1335

Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9…

CVSS: 4.3 CWE: N/A View on NVD
2009-04-15
High

CVE-2009-0554

Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote…

CVSS: 8.8 CWE: CWE-399 View on NVD
Critical

CVE-2009-0553

Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers…

CVSS: 9.3 CWE: CWE-399 View on NVD
Critical

CVE-2009-0552

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD