Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1765 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587. Published: May 23, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1587 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Published: April 26, 2011; 8:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1578 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. Published: April 26, 2011; 8:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1245 |
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." Published: April 13, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1244 |
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Published: April 13, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2011-0094 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." Published: April 13, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0036 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Published: February 10, 2011; 11:00:13 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0035 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Published: February 10, 2011; 11:00:13 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0347 |
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. Published: January 07, 2011; 6:00:20 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0346 |
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Published: January 07, 2011; 6:00:20 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3348 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3346 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3343 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3342 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3340 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-4183 |
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. Published: November 05, 2010; 1:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3962 |
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. Published: November 05, 2010; 1:00:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3331 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3330 |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3328 |
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |