Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Ie
Total 655 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2021-01-20 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2011-1962 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
CVE-2011-0346 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
CVE-2011-1960 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
CVE-2011-1258 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
CVE-2011-1961 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
CVE-2011-1246 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
CVE-2011-1255 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
CVE-2011-1266 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
CVE-2011-1254 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
CVE-2011-1256 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
CVE-2011-1257 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 7.6 HIGH N/A
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
CVE-2011-1260 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
CVE-2011-1261 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
CVE-2011-1262 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."
CVE-2011-1244 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 5.8 MEDIUM N/A
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
CVE-2011-1250 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
CVE-2011-1251 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
CVE-2011-1252 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
CVE-2011-1963 1 Microsoft 7 Ie, Windows 2003 Server, Windows 7 and 4 more 2020-09-28 9.3 HIGH N/A
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."