CVSS: 9.8EPSS: 68%CPEs: 3EXPL: 1CVE-2006-1388 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1388
24 Mar 2006 — Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. • https://www.exploit-db.com/exploits/1838 •
CVSS: 9.8EPSS: 87%CPEs: 4EXPL: 6CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
23 Mar 2006 — Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 69%CPEs: 1EXPL: 4CVE-2006-1245 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1245
17 Mar 2006 — Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/1838 •
CVSS: 6.5EPSS: 16%CPEs: 1EXPL: 0CVE-2006-0753
https://notcve.org/view.php?id=CVE-2006-0753
18 Feb 2006 — Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. Fuga de memoria en Microsoft Internet Explorer 6 para Windows XP Service Pack 2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de JavaScript que utiliza setInterval para llamar a una función repetidamente para esta... • http://www.osvdb.org/23307 •
CVSS: 7.5EPSS: 45%CPEs: 4EXPL: 0CVE-2006-0057
https://notcve.org/view.php?id=CVE-2006-0057
27 Jan 2006 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. • http://www.kb.cert.org/vuls/id/998297 •
CVSS: 9.1EPSS: 18%CPEs: 29EXPL: 1CVE-2005-4827
https://notcve.org/view.php?id=CVE-2005-4827
31 Dec 2005 — Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. • http://seclists.org/fulldisclosure/2007/Feb/0081.html •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2005-3240
https://notcve.org/view.php?id=CVE-2005-3240
31 Dec 2005 — Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 8%CPEs: 1EXPL: 0CVE-2005-4679
https://notcve.org/view.php?id=CVE-2005-4679
31 Dec 2005 — Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. • http://secunia.com/advisories/17565 •
CVSS: 5.5EPSS: 14%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
31 Dec 2005 — Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 •
CVSS: 7.8EPSS: 15%CPEs: 3EXPL: 0CVE-2005-4269
https://notcve.org/view.php?id=CVE-2005-4269
15 Dec 2005 — mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in Info... • http://support.microsoft.com/kb/908233 •