CVSS: 7.8EPSS: 65%CPEs: 10EXPL: 2CVE-2007-0612 – Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0612
31 Jan 2007 — Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEdit... • https://www.exploit-db.com/exploits/29536 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2006-5578
https://notcve.org/view.php?id=CVE-2006-5578
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operacio... • http://secunia.com/advisories/23288 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2006-5577
https://notcve.org/view.php?id=CVE-2006-5577
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtención de información sensible a través de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta abso... • http://secunia.com/advisories/23288 •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
19 Sep 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html •
CVSS: 9.8EPSS: 92%CPEs: 2EXPL: 0CVE-2006-3451 – Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3451
08 Aug 2006 — Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando "se utilizan múltiples importaciones en una colección de hojas de estilo" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes... • http://secunia.com/advisories/21396 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 0CVE-2006-1303
https://notcve.org/view.php?id=CVE-2006-1303
13 Jun 2006 — Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Inpu... • http://secunia.com/advisories/20595 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 76%CPEs: 11EXPL: 0CVE-2006-2900
https://notcve.org/view.php?id=CVE-2006-2900
07 Jun 2006 — Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 23%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
29 Apr 2006 — Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 93%CPEs: 21EXPL: 1CVE-2006-1186 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1186
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 •
CVSS: 4.3EPSS: 49%CPEs: 9EXPL: 1CVE-2006-1192 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1192
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. • https://www.exploit-db.com/exploits/1838 • CWE-20: Improper Input Validation •