| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." |
| Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. |
| The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." |
| Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. |
| Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917. |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3882, and CVE-2013-3885. |
| Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. |
| Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability." |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability." |
| Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." |
| Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202. |
| The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." |
| Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. |
| Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. |
