Vulnerabilities (CVE)

Vendor filter

Microsoft Subscribe

Product filter

Filter

627 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2005-4827 2 Microsoft, Canon 2 Network Camera Server Vb101, Ie 2019-10-09 7.5
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab,...
CVE-2004-0839 3 Microsoft, Avaya, Nortel 17 Windows 98, Windows 2003 Server, Windows 98se and 14 more 2019-04-30 5.0
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop...
CVE-2005-0053 1 Microsoft 7 Windows 98, Windows 2003 Server, Windows 98se and 4 more 2019-04-30 7.5
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
CVE-2006-4868 1 Microsoft 2 Ie, Outlook 2019-04-30 9.3
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector...
CVE-2004-0212 2 Microsoft, Avaya 8 Windows Nt, S8100, Windows Xp and 5 more 2019-04-30 10.0
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using...
CVE-2002-0862 4 Kde, Microsoft, Baltimore Technologies and 1 more 17 Windows Nt, Konqueror, Windows 98 and 14 more 2019-04-30 7.5
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook...
CVE-2011-1252 1 Microsoft 1 Ie 2019-02-26 4.3
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1,...
CVE-2010-3345 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka...
CVE-2010-0247 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to...
CVE-2011-2001 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka...
CVE-2010-0490 1 Microsoft 7 Windows 2003 Server, Windows Server 2008, Windows 7 and 4 more 2019-02-26 9.3
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory...
CVE-2011-1964 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory...
CVE-2011-0346 1 Microsoft 1 Ie 2019-02-26 9.3
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the...
CVE-2010-3331 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object...
CVE-2009-1532 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via...
CVE-2010-0555 1 Microsoft 6 Windows Server 2008, Windows Xp, Windows Server 2003 and 3 more 2019-02-26 9.3
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the...
CVE-2010-0807 1 Microsoft 6 Windows 2003 Server, Windows Server 2008, Windows Xp and 3 more 2019-02-26 9.3
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2009-0552 1 Microsoft 1 Ie 2019-02-26 9.3
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object...
CVE-2009-1531 1 Microsoft 1 Ie 2019-02-26 9.3
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function...