CVSS: 6.5EPSS: 62%CPEs: 5EXPL: 2CVE-2006-2766 – Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-2766
02 Jun 2006 — Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. • https://www.exploit-db.com/exploits/27930 •
CVSS: 7.5EPSS: 34%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
29 Apr 2006 — Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 87%CPEs: 4EXPL: 6CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
23 Mar 2006 — Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 43%CPEs: 1EXPL: 2CVE-2006-0544 – Microsoft Internet Explorer 7.0 Beta 2 - 'urlmon.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-0544
04 Feb 2006 — urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. • https://www.exploit-db.com/exploits/1475 •
CVSS: 7.5EPSS: 19%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •