CVSS: 7.4EPSS: 12%CPEs: 94EXPL: 1CVE-2009-2057
https://notcve.org/view.php?id=CVE-2009-2057
15 Jun 2009 — Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Microsoft Internet Explorer anteriores a v8 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor ... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 18%CPEs: 18EXPL: 0CVE-2009-2064
https://notcve.org/view.php?id=CVE-2009-2064
15 Jun 2009 — Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Microsoft Internet Explorer 8, y posiblemente otras versiones, detecta contenido http en páginas web https... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 2%CPEs: 94EXPL: 0CVE-2009-2069
https://notcve.org/view.php?id=CVE-2009-2069
15 Jun 2009 — Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. Microsoft Internet Explorer anterior a 8 muestra un certificado cacheado para una página de respuesta CONEXIÓN (1) 4xx o (2) 5xx ... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 34%CPEs: 44EXPL: 0CVE-2009-0550
https://notcve.org/view.php?id=CVE-2009-0550
15 Apr 2009 — Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections"... • http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx •
CVSS: 9.3EPSS: 53%CPEs: 12EXPL: 0CVE-2009-0552
https://notcve.org/view.php?id=CVE-2009-0552
15 Apr 2009 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 en Windows XP SP2 y SP3, y 6 en Windows Server 2003 SP1 y SP2 permite... • http://osvdb.org/53625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 53%CPEs: 3EXPL: 2CVE-2008-2281 – Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting
https://notcve.org/view.php?id=CVE-2008-2281
18 May 2008 — Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la característica Print Table of Links de Internet Explorer 6.0, 7.0 y 8.0b permite a at... • https://www.exploit-db.com/exploits/5619 •
CVSS: 9.3EPSS: 50%CPEs: 24EXPL: 0CVE-2008-1085
https://notcve.org/view.php?id=CVE-2008-1085
08 Apr 2008 — Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. Vulnerabilidad de uso después de la liberación en Microsoft Internet Explorer 5.01 SP4, 6 hasta SP1, y 7, permite a atacantes remotos ejecutar código de su elección a través de una cadena de datos manipulada que provoca una corr... • http://marc.info/?l=bugtraq&m=120845064910729&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 48%CPEs: 21EXPL: 0CVE-2008-0076
https://notcve.org/view.php?id=CVE-2008-0076
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." Vulnerabilidad no espicificada en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7 permite a atacantes remotos ejecutar código de su elección mediante combinaciones del diseño HTML manipuladas, también conocido como "HTML Rendering Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 51%CPEs: 22EXPL: 0CVE-2008-0078
https://notcve.org/view.php?id=CVE-2008-0078
12 Feb 2008 — Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el Control ActiveX (dxtmsft.dll) en Microsoft Internet Explorer 5.01, 6 SP1 y SP2, y 7, que permite a atacantes remotos ejecutar código de su elección a través de una imagen manipulada, también conocida como "Vulnerabilidad de mem... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 46%CPEs: 30EXPL: 0CVE-2007-5347
https://notcve.org/view.php?id=CVE-2007-5347
12 Dec 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta la 7 permite a atacantes remotos ejecutar código de su elección a través de "llamadas a métodos no esperados de objetos HTML", también conocido como "Vulnerabilidad de corrupción de objeto de memoria DHTML". • http://secunia.com/advisories/28036 • CWE-399: Resource Management Errors •