CVSS: 6.8EPSS: 49%CPEs: 4EXPL: 0CVE-2007-1091
https://notcve.org/view.php?id=CVE-2007-1091
26 Feb 2007 — Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload. • http://lcamtuf.coredump.cx/ietrap •
CVSS: 10.0EPSS: 61%CPEs: 18EXPL: 0CVE-2007-0219
https://notcve.org/view.php?id=CVE-2007-0219
13 Feb 2007 — Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de (1) Msb1fren.dll, (2) Htmlmm.ocx, y (3) Blnmgrps.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especif... • http://secunia.com/advisories/24156 •
CVSS: 9.3EPSS: 54%CPEs: 18EXPL: 0CVE-2006-4697
https://notcve.org/view.php?id=CVE-2006-4697
13 Feb 2007 — Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de Imjpcksid.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: este asunto podría estar relacionado con CVE-2006-41... • http://secunia.com/advisories/24156 •
CVSS: 7.8EPSS: 53%CPEs: 10EXPL: 2CVE-2007-0612 – Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0612
31 Jan 2007 — Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEdit... • https://www.exploit-db.com/exploits/29536 •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 2CVE-2007-0356 – CCRP Folder Treeview Control (ccrpftv6.ocx) - IE Denial of Service
https://notcve.org/view.php?id=CVE-2007-0356
19 Jan 2007 — The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Control ActiveX (ccrpftv6.ocx) permite a atacantes remotos provocar una denegación de servicio (caída de Internet Explorer 7) mediante un valor de propiedad CCRP.RootFolder largo. • https://www.exploit-db.com/exploits/3142 •
CVSS: 9.3EPSS: 31%CPEs: 13EXPL: 2CVE-2007-0024 – Microsoft Internet Explorer - VML Download and Execute (MS07-004)
https://notcve.org/view.php?id=CVE-2007-0024
09 Jan 2007 — Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." Debordamiento de Entero en la implementación (vgx.dll) del Lenguaje de Marcas de Vectores (... • https://www.exploit-db.com/exploits/3148 •
CVSS: 6.5EPSS: 23%CPEs: 3EXPL: 3CVE-2006-6659 – Microsoft Office Outlook Recipient Control - 'ole32.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-6659
20 Dec 2006 — The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. El control ActiveX Recipient de Microsoft Office Outlook (ole32.dll) en Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue de Internet Explorer 7) mediante una HTML artesanal. • https://www.exploit-db.com/exploits/2946 •
CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 1CVE-2006-5913
https://notcve.org/view.php?id=CVE-2006-5913
15 Nov 2006 — Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. Microsoft Internet Explorer 7 permi... • http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2006-5805
https://notcve.org/view.php?id=CVE-2006-5805
08 Nov 2006 — Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. Microsoft Internet Explorer 7 permite a atacantes remotos provocar que un certificado de seguridad de una página segura, aparezca como inválido mediante un enlace a res://ieframe.... • http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html •
CVSS: 6.4EPSS: 52%CPEs: 1EXPL: 3CVE-2006-5544
https://notcve.org/view.php?id=CVE-2006-5544
26 Oct 2006 — Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaki... • http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx •