Microsoft Internet Explorer vulnerabilities

CVE-2011-4689 [MEDIUM] CWE-264 CVE-2011-4689: Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Ori Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

CVE-2002-2435 [MEDIUM] CWE-200 CVE-2002-2435: The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

CVE-2011-2001 [CRITICAL] CVE-2011-2001: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."

CVE-2011-2000 [CRITICAL] CVE-2011-2000: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."

CVE-2011-1997 [CRITICAL] CWE-20 CVE-2011-1997: Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."

CVE-2011-1996 [CRITICAL] CVE-2011-1996: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."

CVE-2011-1995 [CRITICAL] CWE-908 CVE-2011-1995: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."

CVE-2011-1993 [CRITICAL] CVE-2011-1993: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."

CVE-2011-1999 [CRITICAL] CVE-2011-1999: Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote atta Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."

CVE-2011-1998 [CRITICAL] CWE-908 CVE-2011-1998: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."

CVE-2011-1964 [CRITICAL] CWE-908 CVE-2011-1964: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."

CVE-2011-1961 [CRITICAL] CVE-2011-1961: The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handl The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."

CVE-2011-1963 [CRITICAL] CWE-908 CVE-2011-1963: Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."

CVE-2011-1257 [HIGH] CWE-362 CVE-2011-1257: Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitra Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."

CVE-2011-1960 [MEDIUM] CWE-668 CVE-2011-1960: Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."

CVE-2011-1962 [MEDIUM] CWE-20 CVE-2011-1962: Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, wh Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."

CVE-2011-1250 [CRITICAL] CWE-908 CVE-2011-1250: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."

CVE-2011-1261 [CRITICAL] CWE-908 CVE-2011-1261: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."

CVE-2011-1254 [CRITICAL] CWE-908 CVE-2011-1254: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."

CVE-2011-1251 [CRITICAL] CWE-908 CVE-2011-1251: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."