Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:internet_explorer:8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1961 |
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." Published: August 10, 2011; 5:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1960 |
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." Published: August 10, 2011; 5:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1257 |
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability." Published: August 10, 2011; 5:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2011-2379 |
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Published: August 09, 2011; 3:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1266 |
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1262 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1261 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1260 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1258 |
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1256 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1255 |
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1254 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1252 |
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1251 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1250 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1246 |
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." Published: June 16, 2011; 4:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2383 |
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. Published: June 03, 2011; 1:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2382 |
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Published: June 03, 2011; 1:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1713 |
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202. Published: April 15, 2011; 4:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1244 |
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Published: April 13, 2011; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |