Total
202 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5805 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. | |||||
CVE-2006-5578 | 1 Microsoft | 1 Ie | 2024-11-21 | 2.6 LOW | N/A |
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. | |||||
CVE-2006-5577 | 1 Microsoft | 1 Ie | 2024-11-21 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. | |||||
CVE-2006-5544 | 1 Microsoft | 1 Ie | 2024-11-21 | 6.4 MEDIUM | N/A |
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. | |||||
CVE-2006-4888 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | |||||
CVE-2006-4777 | 1 Microsoft | 1 Ie | 2024-11-21 | 7.6 HIGH | N/A |
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. | |||||
CVE-2006-4697 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | |||||
CVE-2006-4687 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 5.1 MEDIUM | N/A |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
CVE-2006-4560 | 1 Microsoft | 1 Ie | 2024-11-21 | 7.5 HIGH | N/A |
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | |||||
CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2024-11-21 | 7.5 HIGH | N/A |
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. | |||||
CVE-2006-4446 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. | |||||
CVE-2006-4301 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. | |||||
CVE-2006-4219 | 1 Microsoft | 1 Ie | 2024-11-21 | 7.5 HIGH | N/A |
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. | |||||
CVE-2006-4193 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. | |||||
CVE-2006-3944 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | |||||
CVE-2006-3943 | 1 Microsoft | 1 Ie | 2024-11-21 | 2.6 LOW | N/A |
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | |||||
CVE-2006-3910 | 1 Microsoft | 1 Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. | |||||
CVE-2006-3873 | 1 Microsoft | 4 Ie, Windows 2000, Windows 2003 Server and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. | |||||
CVE-2006-3869 | 1 Microsoft | 1 Ie | 2024-11-21 | 7.5 HIGH | N/A |
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | |||||
CVE-2006-3730 | 1 Microsoft | 3 Ie, Internet Explorer, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. |