Microsoft Ie vulnerabilities

CVE-2006-5577 [MEDIUM] CVE-2006-5577: Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information vi Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.

CVE-2006-5578 [LOW] CVE-2006-5578: Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files ( Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.

CVE-2006-5913 [MEDIUM] CVE-2006-5913: Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a sec Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigge

CVE-2006-5884 [HIGH] CVE-2006-5884: Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Expl Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.

CVE-2006-4687 [MEDIUM] CWE-119 CVE-2006-4687: Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via cra Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

CVE-2006-5805 [MEDIUM] CVE-2006-5805: Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.

CVE-2006-5544 [MEDIUM] CVE-2006-5544: Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof th Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.

CVE-2006-4888 [MEDIUM] CVE-2006-4888: Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (appl Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

CVE-2006-4777 [HIGH] CVE-2006-4777: Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM obj Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demo

CVE-2006-3873 [HIGH] CVE-2006-3873: Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-

CVE-2006-4560 [HIGH] CVE-2006-4560: Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pin

CVE-2006-4495 [HIGH] CVE-2006-4495: Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

CVE-2006-4446 [MEDIUM] CVE-2006-4446: Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Inte Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

CVE-2006-3869 [HIGH] CVE-2006-3869: Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

CVE-2006-4301 [MEDIUM] CWE-20 CVE-2006-4301: Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransfor

CVE-2006-4219 [HIGH] CVE-2006-4219: The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

CVE-2006-4193 [HIGH] CVE-2006-4193: Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a d Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certa

CVE-2006-3639 [HIGH] CVE-2006-3639: Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when h Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."

CVE-2006-3640 [MEDIUM] CVE-2006-3640: Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between p Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

CVE-2006-3643 [MEDIUM] CWE-79 CVE-2006-3643: Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 S Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."