Microsoft Internet Explorer vulnerabilities

CVE-2005-4089 [HIGH] CWE-264 CVE-2005-4089: Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulner

CVE-2005-3312 [MEDIUM] CVE-2005-3312: The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cros The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a di

CVE-2005-1989 [HIGH] CVE-2005-1989: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain infor Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".

CVE-2005-1990 [MEDIUM] CVE-2005-1990: Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (applicatio Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll,

CVE-2005-1988 [MEDIUM] CVE-2005-1988: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbi Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

CVE-2005-2304 [MEDIUM] CVE-2005-2304: Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of s Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.

CVE-2005-2274 [LOW] CVE-2005-2274: Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

CVE-2005-2087 [MEDIUM] CWE-399 CVE-2005-2087: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JV

CVE-2005-1211 [MEDIUM] CVE-2005-1211: Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote at Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.

CVE-2005-1790 [LOW] CWE-399 CVE-2005-1790: Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remo Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."

CVE-2005-0055 [HIGH] CVE-2005-0055: Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML me Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."

CVE-2005-0053 [HIGH] CVE-2005-0053: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and dr Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

CVE-2005-0554 [HIGH] CVE-2005-0554: Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote a Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."

CVE-2005-0500 [MEDIUM] CVE-2005-0500: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.

CVE-2005-0553 [MEDIUM] CVE-2005-0553: Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".

CVE-2005-0054 [MEDIUM] CVE-2005-0054: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

CVE-2005-0954 [MEDIUM] CVE-2005-0954: Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.

CVE-2005-0056 [MEDIUM] CVE-2005-0056: Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition For Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

CVE-2005-0555 [HIGH] CVE-2005-0555: Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."

CVE-2004-0978 [CRITICAL] CWE-787 CVE-2004-0978: Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.