CVSS: 7.5EPSS: 94%CPEs: 9EXPL: 1CVE-2006-1185 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1185
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/503124 http://www.securityfocus.com/bid/17450 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25542 https://oval.cisecurity.org/repository/search& •
CVSS: 7.5EPSS: 94%CPEs: 23EXPL: 1CVE-2006-1188 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1188
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/824324 http://www.securityfocus.com/archive/1/435096/30/4710/threaded http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& •
CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 http://marc.info/?l=bugtraq&m=112006764714946&w=2 http://secunia.com/advisories/15891 http://securitytracker.com/id?1014329 http://www.auscert.org.au/render.html?it=5225 http://www.kb.cert.org/vuls/id/939605 http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/security/advisory/903144.mspx http://www.osvdb.org/17680 http://www.securityfocus.com/archive/1/404055 http://www.securityfocus.com/bid/ • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0CVE-2003-1559
https://notcve.org/view.php?id=CVE-2003-1559
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/3989 http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html http://www.securityfocus.com/archive/1/348360 http://www.securityfocus.com/archive/1/348574 http://www.securityfocus.com/bid/9295 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •