Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Explorer
Subscriptions
Total
1744 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5540 | 2 Microsoft, Secure Computing | 3 Internet Explorer, Secure Web Gateway, Webwasher | 2025-04-09 | N/A |
| Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2009-1917 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." | ||||
| CVE-2009-1918 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." | ||||
| CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2025-04-09 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE. | ||||
| CVE-2009-2668 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232. | ||||
| CVE-2007-1750 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | ||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2025-04-09 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | ||||
| CVE-2009-4073 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | ||||
| CVE-2009-4074 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability." | ||||
| CVE-2009-2501 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." | ||||
| CVE-2009-2502 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | 8.1 High |
| Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." | ||||
| CVE-2008-5538 | 2 Microsoft, Prevx | 2 Internet Explorer, Prevx1 | 2025-04-09 | N/A |
| Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2006-7029 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. | ||||
| CVE-2008-5536 | 2 Microsoft, Pandasecurity | 2 Internet Explorer, Panda Antivirus | 2025-04-09 | N/A |
| Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2007-0219 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. | ||||
| CVE-2008-5530 | 3 Avg, Ewido, Microsoft | 3 Ewido Security Suite, Ewido Security Suite, Internet Explorer | 2025-04-09 | N/A |
| Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2025-04-09 | N/A |
| Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||
| CVE-2007-2718 | 2 Microsoft, Stalker | 2 Internet Explorer, Communigate Pro | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. | ||||
| CVE-2009-2503 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | N/A |
| GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." | ||||
| CVE-2008-5525 | 2 Clamav, Microsoft | 2 Clamav, Internet Explorer | 2025-04-09 | N/A |
| ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | ||||