Microsoft Internet Explorer vulnerabilities
1,594 known vulnerabilities affecting microsoft/internet_explorer.
Total CVEs: 1,594
CISA KEV: 40 (actively exploited)
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50
Vulnerabilities
CVE-2007-3902 | CRITICAL | CWE-189 | CVSS 9.3 | v5, v5.01, +13 more | 2007-12-12
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2007-5347 | MEDIUM | CWE-399 | CVSS 6.8 | v5, v5.01, +13 more | 2007-12-12
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
nvd
CVE-2007-3903 | MEDIUM | CVSS 6.8 | v6, v6.0, +8 more | 2007-12-12
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2007-5344 | MEDIUM | CVSS 6.8 | v5, v5.01, +13 more | 2007-12-12
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a va
nvd
CVE-2007-5355 | MEDIUM | CVSS 5.8 | v5.01, v6, +1 more | 2007-12-05
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
nvd
CVE-2007-5456 | HIGH | CVSS 7.5 | ≤ 7 | 2007-10-14
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms,
nvd
CVE-2007-3896 | CRITICAL | CVSS 9.3 | PoC | v7.0 | 2007-10-11
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might
nvd
CVE-2007-3892 | HIGH | CVSS 7.5 | v5.00.2516.1900, v5.00.2614.3500, +24 more | 2007-10-09
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
nvd
CVE-2007-3893 | MEDIUM | CWE-399 | CVSS 6.8 | v5.00.2516.1900, v5.00.2614.3500, +24 more | 2007-10-09
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
nvd
CVE-2007-5277 | MEDIUM | CVSS 4.3 | v6.0 | 2007-10-08
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
nvd
CVE-2007-5158 | MEDIUM | CVSS 4.3 | PoC | v6.0 | 2007-10-01
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
nvd
CVE-2007-4848 | MEDIUM | CVSS 4.3 | v4.0, v4.0.1, +19 more | 2007-09-12
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
nvd
CVE-2007-4790 | HIGH | CWE-119 | CVSS 7.5 | PoC | v5.01, v6, +1 more | 2007-09-10
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.
nvd
CVE-2007-4478 | MEDIUM | CVSS 4.3 | v6.0 | 2007-08-22
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.
nvd
CVE-2007-4356 | CRITICAL | CVSS 9.3 | v6, v7 | 2007-08-15
Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.
nvd
CVE-2007-3041 | CRITICAL | CVSS 9.3 | v5.01, v6, +1 more | 2007-08-14
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."
nvd
CVE-2007-2216 | CRITICAL | CWE-16 | CVSS 9.3 | PoC | v5.01, v6, +1 more | 2007-08-14
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll proper
nvd
CVE-2007-1749 | CRITICAL | CVSS 9.3 | PoC | v5.01, v6, +1 more | 2007-08-14
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.
nvd
CVE-2007-0943 | MEDIUM | CVSS 6.8 | v5.01 | 2007-08-14
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
nvd
CVE-2007-4227 | MEDIUM | CVSS 4.3 | v6.0, v7 | 2007-08-08
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
nvd