Microsoft Internet Explorer vulnerabilities

1,594 known vulnerabilities affecting microsoft/internet_explorer.

Total CVEs: 1,594
CISA KEV: 40 (actively exploited)
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50

Vulnerabilities

CVE-2008-2258 | CRITICAL | CVSS 9.3 | v5.01, v6, +1 more | 2008-08-13 | nvd
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruptio
CVE-2008-2259 | CRITICAL | CVSS 9.3 | CWE-20 | v6, v7 | 2008-08-13 | nvd
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
CVE-2008-2255 | CRITICAL | CVSS 9.3 | v5.01, v6, +1 more | 2008-08-13 | nvd
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
CVE-2008-2256 | CRITICAL | CVSS 9.3 | CWE-20 | v5.01, v6, +1 more | 2008-08-13 | nvd
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2008-2257 | CRITICAL | CVSS 9.3 | CWE-399 | v5.01, v6, +1 more | 2008-08-13 | nvd
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption
CVE-2008-2948 | MEDIUM | CVSS 6.8 | PoC | v7, v8 | 2008-06-30 | nvd
Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of C
CVE-2008-2949 | MEDIUM | CVSS 6.8 | PoC | v6, v7 | 2008-06-30 | nvd
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of C
CVE-2008-2947 | MEDIUM | CVSS 6.8 | CWE-284 | v5.01, v6, +1 more | 2008-06-30 | nvd
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Proper
CVE-2008-1442 | CRITICAL | CVSS 9.3 | CWE-119 | v6, v7 | 2008-06-12 | nvd
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."
CVE-2008-2281 | CRITICAL | CVSS 9.3 | PoC | v6.0, v7.0 | 2008-05-18 | nvd
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
CVE-2008-2159 | LOW | CVSS 2.1 | CWE-200 | v7 | 2008-05-12 | nvd
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
CVE-2008-1086 | CRITICAL | CVSS 9.3 | CWE-94 | v5.01, v6 | 2008-04-08 | nvd
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
CVE-2008-1085 | CRITICAL | CVSS 9.3 | CWE-94 | v6, v7 | 2008-04-08 | nvd
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
CVE-2008-1544 | HIGH | CVSS 7.1 | CWE-20 | v5.01, v6, +1 more | 2008-03-28 | nvd
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length he
CVE-2008-1545 | MEDIUM | CVSS 4.3 | CWE-20 | v7.0, v7.0.5730.11 | 2008-03-28 | nvd
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorre
CVE-2008-1368 | MEDIUM | CVSS 4.3 | v5, v6 | 2008-03-18 | nvd
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a
CVE-2008-0078 | CRITICAL | CVSS 9.3 | CWE-94 | v6, v7 | 2008-02-12 | nvd
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
CVE-2008-0076 | CRITICAL | CVSS 9.3 | CWE-94 | v6, v7 | 2008-02-12 | nvd
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2008-0077 | HIGH | CVSS 8.8 | CWE-416 | v6, v7 | 2008-02-12 | nvd
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
CVE-2008-0090 | MEDIUM | CVSS 5.0 | CWE-119 | PoC | v7 | 2008-01-04 | nvd
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.