Microsoft Internet Explorer vulnerabilities
1,594 known vulnerabilities affecting microsoft/internet_explorer.
Total CVEs
1,594
CISA KEV
40
actively exploited
Public exploits
364
Exploited in wild
48
Severity breakdown
CRITICAL690HIGH450MEDIUM404LOW50
Vulnerabilities
Page 55 of 80
CVE-2010-2560CRITICALCVSS 9.3v6v7+1 more2010-08-11
CVE-2010-2560 [CRITICAL] CWE-787 CVE-2010-2560: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows rem
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
nvd
CVE-2010-2559CRITICALCVSS 9.3v82010-08-11
CVE-2010-2559 [CRITICAL] CVE-2010-2559: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2
nvd
CVE-2010-2558CRITICALCVSS 9.3v6v7+1 more2010-08-11
CVE-2010-2558 [CRITICAL] CWE-362 CVE-2010-2558: Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitra
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
nvd
CVE-2010-2556CRITICALCVSS 9.3v6v7+1 more2010-08-11
CVE-2010-2556 [CRITICAL] CWE-908 CVE-2010-2556: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows rem
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2010-2557CRITICALCVSS 9.3v62010-08-11
CVE-2010-2557 [CRITICAL] CWE-908 CVE-2010-2557: Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attack
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2010-1258MEDIUMCVSS 4.3v6v7+1 more2010-08-11
CVE-2010-1258 [MEDIUM] CWE-200 CVE-2010-1258: Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
nvd
CVE-2010-1262CRITICALCVSS 9.3v8v6+1 more2010-06-08
CVE-2010-1262 [CRITICAL] CWE-94 CVE-2010-1262: Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary cod
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
nvd
CVE-2010-1259CRITICALCVSS 9.3v8v6+1 more2010-06-08
CVE-2010-1259 [CRITICAL] CWE-94 CVE-2010-1259: Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary cod
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2010-1261CRITICALCVSS 9.3v82010-06-08
CVE-2010-1261 [CRITICAL] CWE-94 CVE-2010-1261: The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted re
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2010-1260HIGHCVSS 7.5v82010-06-08
CVE-2010-1260 [HIGH] CWE-94 CVE-2010-1260: The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted re
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
nvd
CVE-2010-1257MEDIUMCVSS 4.3v82010-06-08
CVE-2010-1257 [MEDIUM] CWE-79 CVE-2010-1257: Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPa
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
nvd
CVE-2010-2118MEDIUMCVSS 4.3v6.0.2900.21802010-06-01
CVE-2010-2118 [MEDIUM] CWE-399 CVE-2010-2118: Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a deni
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
nvd
CVE-2010-2119MEDIUMCVSS 4.3v6.0.2900.21802010-06-01
CVE-2010-2119 [MEDIUM] CWE-399 CVE-2010-2119: Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (reso
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs.
nvd
CVE-2010-1991MEDIUMCVSS 5.0v6.0.2900.2180v7+1 more2010-05-20
CVE-2010-1991 [MEDIUM] CWE-399 CVE-2010-1991: Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situ
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
nvd
CVE-2010-1489MEDIUMCVSS 4.3v82010-04-20
CVE-2010-1489 [MEDIUM] CVE-2010-1489: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT t
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
nvd
CVE-2010-0491CRITICALCVSS 9.3v6v5.012010-03-31
CVE-2010-0491 [CRITICAL] CWE-399 CVE-2010-0491: Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote att
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
nvd
CVE-2010-0489CRITICALCVSS 9.3v7v6+1 more2010-03-31
CVE-2010-0489 [CRITICAL] CWE-362 CVE-2010-0489: Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to e
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
nvd
CVE-2010-0807CRITICALCVSS 9.3v72010-03-31
CVE-2010-0807 [CRITICAL] CWE-94 CVE-2010-0807: Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attack
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
nvd
CVE-2010-0805CRITICALCVSS 9.3PoCv5.01v62010-03-31
CVE-2010-0805 [CRITICAL] CWE-94 CVE-2010-0805: The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
nvd
CVE-2010-0490CRITICALCVSS 9.3v7v6+2 more2010-03-31
CVE-2010-0490 [CRITICAL] CWE-94 CVE-2010-0490: Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which all
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
nvd