U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 267 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2007-3341

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.

Published: June 21, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3092

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.

Published: June 06, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3075

Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.

Published: June 06, 2007; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2718

Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.

Published: May 16, 2007; 3:28:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0942

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0945

Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

Published: March 02, 2007; 4:18:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7066

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Published: March 02, 2007; 4:18:00 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-1091

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

Published: February 26, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-7031

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0219

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-4697

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

Published: February 13, 2007; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0217

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

Published: February 13, 2007; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-0612

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

Published: January 31, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6956

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

Published: January 29, 2007; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-6310

Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 06, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-5162

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

Published: October 05, 2006; 12:04:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4868

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Published: September 19, 2006; 3:07:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-4193

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

Published: August 16, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH