Microsoft Ie vulnerabilities

CVE-2006-2766 [LOW] CVE-2006-2766: Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

CVE-2006-2094 [MEDIUM] CWE-362 CVE-2006-2094: Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into

CVE-2006-1186 [CRITICAL] CVE-2006-1186: Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

CVE-2006-1185 [HIGH] CVE-2006-1185: Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to e Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

CVE-2006-1188 [HIGH] CVE-2006-1188: Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTM Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

CVE-2006-1719 [MEDIUM] CVE-2006-1719: Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.

CVE-2006-1192 [LOW] CWE-20 CVE-2006-1192: Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by sp Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-20

CVE-2006-1388 [HIGH] CVE-2006-1388: Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

CVE-2006-1359 [CRITICAL] CWE-94 CVE-2006-1359: Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

CVE-2006-1245 [HIGH] CVE-2006-1245: Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versi Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."

CVE-2006-0753 [LOW] CVE-2006-0753: Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers t Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

CVE-2006-0544 [HIGH] CVE-2006-0544: urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cau urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.

CVE-2006-0057 [HIGH] CVE-2006-0057: Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054

CVE-2005-4827 [HIGH] CVE-2005-4827: Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origi Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy ser

CVE-2005-4717 [MEDIUM] CVE-2005-4717: Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contain

CVE-2005-3240 [MEDIUM] CWE-362 CVE-2005-3240: Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

CVE-2005-4679 [MEDIUM] CVE-2005-4679: Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the st Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

CVE-2005-4269 [HIGH] CVE-2005-4269: mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to c mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form.

CVE-2005-2831 [HIGH] CVE-2005-2831: Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (a Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a

CVE-2005-2830 [MEDIUM] CVE-2005-2830: Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic A Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."