Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1740 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1258 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2023-12-10 4.3 MEDIUM N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
CVE-2011-1995 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."
CVE-2010-5071 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 5.0 MEDIUM N/A
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
CVE-2011-1257 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 7.6 HIGH N/A
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
CVE-2011-1962 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
CVE-2011-2382 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 4.3 MEDIUM N/A
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
CVE-2012-0012 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2023-12-10 4.3 MEDIUM N/A
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
CVE-2010-0027 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more 2023-12-10 9.3 HIGH N/A
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
CVE-2011-0347 1 Microsoft 2 Internet Explorer, Windows Xp 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
CVE-2011-1992 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 4.3 MEDIUM N/A
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
CVE-2010-0247 1 Microsoft 4 Internet Explorer, Windows 2000, Windows Server 2003 and 1 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3886 1 Microsoft 1 Internet Explorer 2023-12-10 4.3 MEDIUM N/A
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
CVE-2010-0246 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
CVE-2011-1256 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
CVE-2011-1993 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
CVE-2010-3325 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2023-12-10 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
CVE-2010-2558 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
CVE-2011-1251 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
CVE-2010-1175 1 Microsoft 3 Internet Explorer, Windows 2003 Server, Windows Xp 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
CVE-2010-1262 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."