Microsoft Internet Explorer vulnerabilities
1,594 known vulnerabilities affecting microsoft/internet_explorer.
Total CVEs: 1,594
CISA KEV: 40 actively exploited
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50
Vulnerabilities
Page 63 of 80
CVE-2007-4042 | HIGH | CVSS 7.5 | v7 | 2007-07-27
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
nvd
CVE-2007-4041 | MEDIUM | CVSS 6.8 | v7 | 2007-07-27
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
nvd
CVE-2007-3826 | CRITICAL | CVSS 9.3 | v7 | 2007-07-17
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
nvd
CVE-2007-3670 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v6, v7.0 | 2007-07-10
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that
nvd
CVE-2007-3576 | MEDIUM | CVSS 4.3 | v6 | 2007-07-05
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes
nvd
CVE-2007-3550 | HIGH | CVSS 7.8 | CWE-94 | v6.0, v7.0 | 2007-07-03
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been dispu
nvd
CVE-2007-3493 | HIGH | CVSS 7.5 | PoC | v7.0 | 2007-06-29
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
nvd
CVE-2007-3497 | MEDIUM | CVSS 5.0 | v7.0 | 2007-06-29
Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.
nvd
CVE-2007-3481 | MEDIUM | CVSS 5.0 | CWE-119 | v6, v7 | 2007-06-28
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable
nvd
CVE-2007-3406 | MEDIUM | CVSS 4.3 | PoC | v6 | 2007-06-26
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribut
nvd
CVE-2006-7206 | HIGH | CVSS 7.8 | PoC | v6 | 2007-06-22
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
nvd
CVE-2007-3341 | CRITICAL | CVSS 10.0 | v5, v6.0, +1 more | 2007-06-21
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
nvd
CVE-2007-0218 | CRITICAL | CVSS 9.3 | CWE-94 | v5.01, v6, +1 more | 2007-06-12
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
nvd
CVE-2007-3027 | CRITICAL | CVSS 9.3 | v5.01, v6, +1 more | 2007-06-12
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
nvd
CVE-2007-2222 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v5.01, v6, +1 more | 2007-06-12
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function i
nvd
CVE-2007-1750 | CRITICAL | CVSS 9.3 | v5.01, v6, +1 more | 2007-06-12
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
nvd
CVE-2007-1751 | CRITICAL | CVSS 9.3 | CWE-908 | v5.01, v6, +1 more | 2007-06-12
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
nvd
CVE-2007-3164 | MEDIUM | CVSS 5.8 | v7.0 | 2007-06-11
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the international
nvd
CVE-2007-3111 | CRITICAL | CVSS 10.0 | PoC | v6 | 2007-06-07
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
nvd
CVE-2007-3092 | CRITICAL | CVSS 9.3 | v6.0 | 2007-06-06
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.
nvd