CVSS: 7.5EPSS: 34%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
29 Apr 2006 — Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 64%CPEs: 9EXPL: 1CVE-2006-1185 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1185
11 Apr 2006 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. • https://www.exploit-db.com/exploits/1838 •
CVSS: 10.0EPSS: 74%CPEs: 21EXPL: 1CVE-2006-1186 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1186
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 •
CVSS: 8.8EPSS: 64%CPEs: 23EXPL: 1CVE-2006-1188 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1188
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 •
CVSS: 4.3EPSS: 33%CPEs: 9EXPL: 1CVE-2006-1192 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1192
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. • https://www.exploit-db.com/exploits/1838 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 16%CPEs: 1EXPL: 2CVE-2005-3077 – Microsoft Internet Explorer 5.2.3 for Mac OS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-3077
27 Sep 2005 — Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. • https://www.exploit-db.com/exploits/26292 •
CVSS: 8.8EPSS: 65%CPEs: 11EXPL: 1CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
30 Jun 2005 — Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 19%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 0CVE-2001-0665
https://notcve.org/view.php?id=CVE-2001-0665
30 Oct 2001 — Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." • http://www.osvdb.org/1972 •