CVSS: 9.8EPSS: 46%CPEs: 30EXPL: 0CVE-2007-5347
https://notcve.org/view.php?id=CVE-2007-5347
12 Dec 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta la 7 permite a atacantes remotos ejecutar código de su elección a través de "llamadas a métodos no esperados de objetos HTML", también conocido como "Vulnerabilidad de corrupción de objeto de memoria DHTML". • http://secunia.com/advisories/28036 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 33%CPEs: 30EXPL: 0CVE-2007-5344 – Microsoft Internet Explorer Element Tags Vulnerability
https://notcve.org/view.php?id=CVE-2007-5344
11 Dec 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar ... • http://secunia.com/advisories/28036 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 52%CPEs: 30EXPL: 0CVE-2007-3902 – Microsoft Internet Explorer setExpression Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3902
11 Dec 2007 — Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." Una vulnerabilidad de uso de memoria previamente liberada en la función CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 10%CPEs: 1EXPL: 0CVE-2007-5456
https://notcve.org/view.php?id=CVE-2007-5456
14 Oct 2007 — Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege ... • http://securityreason.com/securityalert/3222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 23%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 10.0EPSS: 35%CPEs: 4EXPL: 0CVE-2007-3341
https://notcve.org/view.php?id=CVE-2007-3341
21 Jun 2007 — Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 •
CVSS: 9.3EPSS: 57%CPEs: 43EXPL: 11CVE-2007-1765 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-1765
30 Mar 2007 — Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad n... • https://www.exploit-db.com/exploits/3684 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 1CVE-2006-7029
https://notcve.org/view.php?id=CVE-2006-7029
23 Feb 2007 — Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. Microsoft Internet Explorer 6 SP2 y anteriores permite a atacantes remotos provocar denegación de servicio (caida) a través de un frameset con solamente un frame que llama a resizeTo con ciertos argumentos. NOTA: Este asunto podría estar relacionado con CVE-2006-3637. • http://www.securityfocus.com/archive/1/434742/30/4830/threaded •
CVSS: 6.5EPSS: 25%CPEs: 13EXPL: 1CVE-2006-7031 – Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service
https://notcve.org/view.php?id=CVE-2006-7031
23 Feb 2007 — Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. Microsoft Internet Explorer 6.0.2900 SP2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un elemento tabla con un atributo CSS que fija la posición, lo cual dispara una "excepción no manejada" en mshtml.dll. • https://www.exploit-db.com/exploits/1775 •
CVSS: 9.3EPSS: 65%CPEs: 1EXPL: 0CVE-2006-5581 – Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-5581
12 Dec 2006 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección a través de determinadas funciones DHTML , como la "normalize", y "elementos creados incorrect... • http://secunia.com/advisories/23288 •