CVSS: 7.5EPSS: 65%CPEs: 3EXPL: 1CVE-2006-1388 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1388
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. • https://www.exploit-db.com/exploits/1838 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html http://jeffrey.vanderstad.net/grasshopper http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed http://secunia.com/advisories/19378 http://securitytracker.com/id?1015800 http://www.kb.cert.org/vuls/id/434641 http://www.osvdb.org/24095 http://www.securityfocus.com/bid/17181 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen&# •
CVSS: 9.3EPSS: 97%CPEs: 4EXPL: 6CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 https://www.exploit-db.com/exploits/1628 https://www.exploit-db.com/exploits/1606 https://www.exploit-db.com/exploits/1620 https://www.exploit-db.com/exploits/16578 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 88%CPEs: 1EXPL: 2CVE-2006-1016 – Microsoft Internet Explorer - isComponentInstalled Overflow
https://notcve.org/view.php?id=CVE-2006-1016
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. • https://www.exploit-db.com/exploits/16549 http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm http://www.securityfocus.com/bid/16870 https://exchange.xforce.ibmcloud.com/vulnerabilities/24923 •
CVSS: 5.0EPSS: 3%CPEs: 66EXPL: 2CVE-2006-0585
https://notcve.org/view.php?id=CVE-2006-0585
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. • http://securitytracker.com/id?1015559 http://www.securityfocus.com/archive/1/423675/100/0/threaded http://www.securityfocus.com/archive/1/425422/30/6890/threaded http://www.securityfocus.com/bid/16441 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0057
https://notcve.org/view.php?id=CVE-2006-0057
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. • http://www.kb.cert.org/vuls/id/998297 http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx http://www.osvdb.org/23657 http://www.securityfocus.com/bid/16409 https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 •