cbcvebase.

Microsoft Corporation Internet Explorer vulnerabilities

25 known vulnerabilities affecting microsoft_corporation/internet_explorer.

Total CVEs
25
CISA KEV
2
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
HIGH14MEDIUM9LOW2

Vulnerabilities

Page 1 of 2
CVE-2017-0222P1HIGHCVSS 8.8KEVvWindows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016.2017-05-12
CVE-2017-0222 [HIGH] CWE-787 CVE-2017-0222: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.
nvd
CVE-2017-0210P1HIGHCVSS 8.8KEVvInternet Explorer 10 and Internet Explorer 112017-04-12
CVE-2017-0210 [HIGH] CVE-2017-0210: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cros An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
nvd
CVE-2018-0834P2HIGHCVSS 7.5PoCvMicrosoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.2018-02-15
CVE-2018-0834 [HIGH] CWE-787 CVE-2018-0834: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840,
nvd
CVE-2017-0202P2HIGHCVSS 7.5PoCvInternet Explorer 112017-04-12
CVE-2017-0202 [HIGH] CWE-119 CVE-2017-0202: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
nvd
CVE-2017-11855P2HIGHCVSS 7.5PoCvMicrosoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709.2017-11-15
CVE-2017-11855 [HIGH] CWE-119 CVE-2017-11855: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Wi Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in
nvd
CVE-2017-8625P3HIGHCVSS 8.8vWindows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.2017-08-08
CVE-2017-8625 [HIGH] CWE-276 CVE-2017-8625: Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker t Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
nvd
CVE-2018-0876P3HIGHCVSS 7.5vMicrosoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.2018-03-14
CVE-2018-0876 [HIGH] CWE-787 CVE-2018-0876: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote cod Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.
nvd
CVE-2017-8653P3HIGHCVSS 7.5vMicrosoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.2017-08-08
CVE-2017-8653 [HIGH] CWE-119 CVE-2017-8653: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and W Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Mic
nvd
CVE-2017-0093P3HIGHCVSS 7.5vThe Jscript and VBScript engine in Microsoft Internet Explorer 9 and Internet Explorer 102017-04-12
CVE-2017-0093 [HIGH] CWE-119 CVE-2017-0093: A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." Th
nvd
CVE-2017-8747P3HIGHCVSS 7.5vMicrosoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.2017-09-13
CVE-2017-8747 [HIGH] CWE-119 CVE-2017-8747: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet E
nvd
CVE-2017-0040P3HIGHCVSS 7.5vThe scripting engine in Microsoft Internet Explorer 9 through 112017-03-17
CVE-2017-0040 [HIGH] CWE-119 CVE-2017-0040: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.
nvd
CVE-2017-0018P3HIGHCVSS 7.5vInternet Explorer 9 through 112017-03-17
CVE-2017-0018 [HIGH] CWE-119 CVE-2017-0018: Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a de Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.
nvd
CVE-2017-11813P3HIGHCVSS 7.5vMicrosoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.2017-10-13
CVE-2017-11813 [HIGH] CWE-119 CVE-2017-11813: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from
nvd
CVE-2017-8651P3HIGHCVSS 7.5vMicrosoft Windows Server 2008 SP2 and Windows Server 2012.2017-08-08
CVE-2017-8651 [HIGH] CWE-119 CVE-2017-8651: Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
nvd
CVE-2017-8529P3MEDIUMCVSS 6.5vMicrosoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.2017-06-15
CVE-2017-8529 [MEDIUM] CWE-119 CVE-2017-8529: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
nvd
CVE-2017-0008P4MEDIUMCVSS 4.3vInternet Explorer 9 through 112017-03-17
CVE-2017-0008 [MEDIUM] CWE-200 CVE-2017-0008: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.
nvd
CVE-2017-0064P4MEDIUMCVSS 6.5vWindows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016.2017-05-12
CVE-2017-0064 [MEDIUM] CVE-2017-0064: A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."
nvd
CVE-2017-11848P4MEDIUMCVSS 4.3vMicrosoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709.2017-11-15
CVE-2017-11848 [MEDIUM] CWE-200 CVE-2017-11848: Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Win Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content
nvd
CVE-2017-0154P4MEDIUMCVSS 4.4vInternet Explorer 11 in Windows 10, 1511, 1606, and Windows Server 20162017-03-17
CVE-2017-0154 [MEDIUM] CWE-74 CVE-2017-0154: Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforc Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."
nvd
CVE-2018-0847P4MEDIUMCVSS 4.3vMicrosoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.2018-02-15
CVE-2018-0847 [MEDIUM] CWE-787 CVE-2018-0847: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
nvd
Microsoft Corporation Internet Explorer vulnerabilities | cvebase