U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 441 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2013-0021

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0018

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0015

Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-6502

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

Published: January 22, 2013; 10:55:02 AM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-4792

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

Published: December 30, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4781

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2557

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."

Published: September 21, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4969

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Published: September 18, 2012; 6:39:14 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2522

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2521

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1526

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1882

Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1880

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1879

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1878

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1877

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1876

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

Published: June 12, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1872

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."

Published: June 12, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1523

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2425

The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI.

Published: April 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 1.8 LOW