CVSS: 9.3EPSS: 52%CPEs: 30EXPL: 0CVE-2007-3902 – Microsoft Internet Explorer setExpression Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3902
11 Dec 2007 — Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." Una vulnerabilidad de uso de memoria previamente liberada en la función CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 23%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 7.5EPSS: 53%CPEs: 1EXPL: 0CVE-2006-5577
https://notcve.org/view.php?id=CVE-2006-5577
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtención de información sensible a través de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta abso... • http://secunia.com/advisories/23288 •
CVSS: 7.5EPSS: 47%CPEs: 1EXPL: 0CVE-2006-5578
https://notcve.org/view.php?id=CVE-2006-5578
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operacio... • http://secunia.com/advisories/23288 •
CVSS: 6.5EPSS: 22%CPEs: 1EXPL: 0CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
19 Sep 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html •
CVSS: 9.8EPSS: 64%CPEs: 2EXPL: 0CVE-2006-3451 – Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3451
08 Aug 2006 — Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando "se utilizan múltiples importaciones en una colección de hojas de estilo" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes... • http://secunia.com/advisories/21396 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 34%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
29 Apr 2006 — Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 70%CPEs: 7EXPL: 3CVE-2003-1041 – Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)
https://notcve.org/view.php?id=CVE-2003-1041
20 May 2004 — Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. Internet Explorer 5.x y 6.0 permite a atacantes remotos ejecutar programas arbitrarios mediante una URL conteniendo secuencias ".." (punto punto) en un nombre de fichero terminado en "::" ... • https://www.exploit-db.com/exploits/23504 •
CVSS: 7.5EPSS: 39%CPEs: 8EXPL: 1CVE-2002-0153 – Apple Mac OS Internet Explorer 3/4/5 - File Execution
https://notcve.org/view.php?id=CVE-2002-0153
22 Apr 2002 — Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. Internet Explorer 5.1 para Macintosh permite a atacantes remotos evadir comprobaciones de seguridad e invocar AppleScripts locales dentro de un elemento HTML específico. Tambien conocido como vulnerabilidad de "Invocación local de AppleScript" • https://www.exploit-db.com/exploits/21238 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1218
https://notcve.org/view.php?id=CVE-2001-1218
20 Dec 2001 — Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. MS Internet Explorer para Unix 5.0SP1 permite a usuarios locales forzar una denegración de servicio (crash) tanto en CDE como en servidor X de Solaris 2.6 a través de maximizar la ventana o mostrar rápidamente caracteres chinos. • http://www.securityfocus.com/archive/1/246611 •