Microsoft Internet Explorer vulnerabilities

1,594 known vulnerabilities affecting microsoft/internet_explorer.

Total CVEs: 1,594
CISA KEV: 40 (actively exploited)
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50

Vulnerabilities

Page 64 of 80
CVE-2007-3091 | HIGH | CVSS 7.1 | v6, v7.0 | 2007-06-06
CVE-2007-3091 [HIGH] CWE-362: Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonst
nvd
CVE-2007-2938 | CRITICAL | CVSS 10.0 | PoC | v6 | 2007-05-31
CVE-2007-2938 [CRITICAL]: Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
nvd
CVE-2007-0944 | CRITICAL | CVSS 9.3 | v5.01 | 2007-05-08
CVE-2007-0944 [CRITICAL]: Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column,
nvd
CVE-2007-0947 | CRITICAL | CVSS 9.3 | v6, v7.0 | 2007-05-08
CVE-2007-0947 [CRITICAL]: Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issu
nvd
CVE-2007-0945 | CRITICAL | CVSS 9.3 | v6, v6.0, +1 more | 2007-05-08
CVE-2007-0945 [CRITICAL]: Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
nvd
CVE-2007-0942 | CRITICAL | CVSS 9.3 | v5.0.1, v6.0, +1 more | 2007-05-08
CVE-2007-0942 [CRITICAL]: Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
nvd
CVE-2007-2221 | CRITICAL | CVSS 9.3 | PoC | v5.01, v6, +2 more | 2007-05-08
CVE-2007-2221 [CRITICAL]: Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitr
nvd
CVE-2007-0946 | CRITICAL | CVSS 9.3 | v7.0 | 2007-05-08
CVE-2007-0946 [CRITICAL]: Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
nvd
CVE-2007-2291 | HIGH | CVSS 7.5 | v7.0.5730.11 | 2007-04-26
CVE-2007-2291 [HIGH]: CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
nvd
CVE-2007-2292 | MEDIUM | CVSS 4.3 | v7.0.5730.11 | 2007-04-26
CVE-2007-2292 [MEDIUM] CWE-20: CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
nvd
CVE-2007-2161 | MEDIUM | CVSS 4.3 | v7.0 | 2007-04-22
CVE-2007-2161 [MEDIUM]: Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
nvd
CVE-2007-1765 | CRITICAL | CVSS 9.3 | PoC | ≤ 6 | 2007-03-30
CVE-2007-1765 [CRITICAL]: Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet
nvd
CVE-2006-7066 | HIGH | CVSS 7.1 | PoC | v6.0 | 2007-03-02
CVE-2006-7066 [HIGH]: Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000
nvd
CVE-2006-7065 | MEDIUM | CVSS 5.0 | PoC | v6, v6.0, +6 more | 2007-03-02
CVE-2006-7065 [MEDIUM]: Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
nvd
CVE-2007-1094 | HIGH | CVSS 7.8 | v7.0 | 2007-02-26
CVE-2007-1094 [HIGH]: Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
nvd
CVE-2007-1091 | MEDIUM | CVSS 6.8 | v6.0 | 2007-02-26
CVE-2007-1091 [MEDIUM]: Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
nvd
CVE-2006-7029 | MEDIUM | CVSS 5.0 | ≤ 6.0 | 2007-02-23
CVE-2006-7029 [MEDIUM]: Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
nvd
CVE-2006-7031 | MEDIUM | CVSS 6.5 | PoC | ≤ 6.0.2900 | 2007-02-23
CVE-2006-7031 [MEDIUM]: Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
nvd
CVE-2007-0217 | CRITICAL | CVSS 10.0 | PoC | v5.01, v6.0 | 2007-02-13
CVE-2007-0217 [CRITICAL]: The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
nvd
CVE-2007-0219 | CRITICAL | CVSS 10.0 | v5.01, v6.0, +1 more | 2007-02-13
CVE-2007-0219 [CRITICAL]: Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
nvd