Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_explorer
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1640 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-12-12 | CVE-2007-5347 | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | Ie, Internet_explorer | N/A | ||
| 2007-09-12 | CVE-2007-4848 | Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. | Ie, Internet_explorer | N/A | ||
| 2007-12-12 | CVE-2007-5344 | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | Ie, Internet_explorer | N/A | ||
| 2007-12-12 | CVE-2007-3902 | Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | Ie, Internet_explorer | N/A | ||
| 2007-10-14 | CVE-2007-5456 | Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not... | Internet_explorer | N/A | ||
| 2007-12-05 | CVE-2007-5355 | The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | Internet_explorer | N/A | ||
| 2007-12-12 | CVE-2007-3903 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | Ie, Internet_explorer | N/A | ||
| 2008-04-08 | CVE-2008-1086 | The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | Internet_explorer, Windows\-Nt, Windows_2003_server, Windows_vista, Windows_xp | N/A | ||
| 2008-08-13 | CVE-2008-2259 | Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." | Internet_explorer | N/A | ||
| 2008-01-04 | CVE-2008-0090 | A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. | Divx_player, Internet_explorer | N/A |