Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 50 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Published: July 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-1085

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

Published: April 08, 2008; 7:05:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0076

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

Published: February 12, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

Published: March 02, 2007; 4:18:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0811

Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.

Published: February 07, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-5577

Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.

Published: December 12, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.

Published: December 12, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-4687

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

Published: November 14, 2006; 4:07:00 PM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-5884

Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.

Published: November 14, 2006; 4:07:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4888

Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

Published: September 19, 2006; 5:07:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4560

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.

Published: September 05, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3639

Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."

Published: August 08, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3640

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

Published: August 08, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3643

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."

Published: August 08, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

Published: August 08, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3637

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

Published: August 08, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3943

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

Published: July 31, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-3944

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.

Published: July 31, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3657

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

Published: July 18, 2006; 11:47:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM