Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:internet_explorer:7.0.5730
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4127 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Published: October 15, 2014; 6:55:08 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-4124 |
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123. Published: October 15, 2014; 6:55:08 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4123 |
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Published: October 15, 2014; 6:55:08 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-6502 |
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. Published: January 22, 2013; 10:55:02 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-1545 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Published: March 09, 2012; 6:55:01 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2010-5071 |
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. Published: December 07, 2011; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-2435 |
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. Published: December 07, 2011; 2:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2379 |
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Published: August 09, 2011; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2383 |
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. Published: June 03, 2011; 1:55:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2382 |
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Published: June 03, 2011; 1:55:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1127 |
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement. Published: March 26, 2010; 4:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-0248 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: January 22, 2010; 5:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0244 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Published: January 22, 2010; 5:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0027 |
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." Published: January 22, 2010; 5:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-3943 |
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. Published: November 16, 2009; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-3270 |
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Published: September 18, 2009; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-3267 |
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. Published: September 18, 2009; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-2536 |
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Published: July 20, 2009; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-2433 |
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument. Published: July 10, 2009; 5:00:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-2064 |
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Published: June 15, 2009; 3:30:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |