U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • CPE Name Search: true
There are 113 matching records.
Displaying matches 101 through 113.
Vuln ID Summary CVSS Severity
CVE-2007-0219

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

Published: February 13, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-4697

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

Published: February 13, 2007; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-6956

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

Published: January 29, 2007; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0024

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Published: January 09, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-3545

Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3

Published: July 12, 2006; 8:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-4625

Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2005-4842

The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2005-4843

The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2005-4844

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2005-1829

Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other.

Published: May 28, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-2704

Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2004-0549

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

Published: August 06, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH