CVSS: 6.5EPSS: 87%CPEs: 9EXPL: 3CVE-2006-3513 – Microsoft Internet Explorer 6 - DirectAnimation.DAUserData Denial of Service
https://notcve.org/view.php?id=CVE-2006-3513
11 Jul 2006 — danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) por acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un p... • https://www.exploit-db.com/exploits/28196 •
CVSS: 7.5EPSS: 87%CPEs: 21EXPL: 3CVE-2006-3354 – Microsoft Internet Explorer 6 - ADODB.Recordset Filter Property Denial of Service
https://notcve.org/view.php?id=CVE-2006-3354
06 Jul 2006 — Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Vulnerabilidad en el navegador web Internet Explorer v6 de Microsoft que permite a atacantes remotos causar una denegación de servicio (indisponibilidad de la aplicación) asignando a la propiedad "Filter" (filtro) de un objeto ActiveX ADODB.Recordset ciertos valores varias veces, lo ... • https://www.exploit-db.com/exploits/28145 •
CVSS: 6.5EPSS: 91%CPEs: 5EXPL: 2CVE-2006-2766 – Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-2766
02 Jun 2006 — Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. • https://www.exploit-db.com/exploits/27930 •
CVSS: 7.5EPSS: 23%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
29 Apr 2006 — Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 93%CPEs: 23EXPL: 1CVE-2006-1188 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1188
11 Apr 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 •
CVSS: 9.1EPSS: 8%CPEs: 29EXPL: 1CVE-2005-4827
https://notcve.org/view.php?id=CVE-2005-4827
31 Dec 2005 — Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. • http://seclists.org/fulldisclosure/2007/Feb/0081.html •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4844
https://notcve.org/view.php?id=CVE-2005-4844
31 Dec 2005 — The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 8.8EPSS: 93%CPEs: 11EXPL: 1CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
30 Jun 2005 — Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 96%CPEs: 3EXPL: 2CVE-2004-0420
https://notcve.org/view.php?id=CVE-2004-0420
20 Apr 2004 — The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. Internet Explorer 6.0.2800.1106 sobre Windows XP y posiblemente otras versiones, permite a atacantes remotos suplantar el tipo de un de un fichero mediante un especificador CLSID en el nombre del fich... • http://secunia.com/advisories/10736 •