Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2005-12-31 |
| Product | Internet Explorer | Last view | 2013-06-28 |
| Version | 7 | Type | Application |
| Update | * | ||
| Edition | windows_server_2003_sp1_itanium | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:internet_explorer | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2013-06-28 | CVE-2013-3649 | Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
| 4.3 | 2013-06-28 | CVE-2013-3648 | Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
| 5 | 2011-12-07 | CVE-2010-5071 | The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
| 4.3 | 2011-12-07 | CVE-2002-2435 | The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. |
| 4.3 | 2011-08-09 | CVE-2011-2379 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. |
| 4.3 | 2011-06-03 | CVE-2011-2383 | Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. |
| 4.3 | 2011-06-03 | CVE-2011-2382 | Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. |
| 5 | 2009-11-16 | CVE-2009-3943 | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. |
| 5 | 2009-09-18 | CVE-2009-3270 | Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. |
| 5 | 2009-09-18 | CVE-2009-3267 | Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. |
| 4.3 | 2009-07-20 | CVE-2009-2536 | Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. |
| 6.8 | 2009-06-15 | CVE-2009-2064 | Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." |
| 9.3 | 2008-02-12 | CVE-2008-0078 | Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." |
| 9.3 | 2008-02-12 | CVE-2008-0076 | Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." |
| 7.5 | 2007-10-14 | CVE-2007-5456 | Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism. |
| 7.1 | 2005-12-31 | CVE-2005-4844 | The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 21% (3) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 21% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 14% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 14% (2) | CWE-20 | Improper Input Validation |
| 7% (1) | CWE-399 | Resource Management Errors |
| 7% (1) | CWE-287 | Improper Authentication |
| 7% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 7% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77606 | Microsoft IE JavaScript Implementation getComputedStyle Method Page Handling ... |
| 74297 | Bugzilla Patch Attachment Raw Unified Viewing Mode XSS |
| 72724 | Microsoft IE Cookie Jacking Account Authentication Bypass |
| 60198 | Microsoft IE DHTML Property setHomePage Method JavaScript Loop Remote DoS |
| 58788 | Microsoft IE Crafted File Extension Download Security Warning Bypass |
| 58399 | Microsoft IE window.print Function Loop Remote DoS |
| 58397 | Microsoft IE Auto Form Submission KEYGEN Element Remote DoS |
| 56485 | Microsoft IE iFrame HTTP / HTTPS Content Detection Weakness |
| 56254 | Microsoft IE Select Object Length Property Handling Memory Consumption DoS |
| 45441 | Microsoft IE IObjectSafety CLSID_ApprenticeICW ActiveX Control COM Object Cre... |
| 43521 | Microsoft IE CSS :visited Attribute Browser History Disclosure |
| 41467 | Microsoft IE Image Processing Argument Validation Unspecified Memory Corruption |
| 41465 | Microsoft IE HTML Layout Rendering Unspecified Memory Corruption |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-04-02 | Name : Fedora Update for bugzilla FEDORA-2011-10399 File : nvt/gb_fedora_2011_10399_bugzilla_fc16.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla) File : nvt/glsa_201110_03.nasl |
| 2011-12-09 | Name : Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities File : nvt/gb_ms_ie_mult_info_disc_vuln.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2322-1 (bugzilla) File : nvt/deb_2322_1.nasl |
| 2011-09-21 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla13.nasl |
| 2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10413 File : nvt/gb_fedora_2011_10413_bugzilla_fc14.nasl |
| 2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10426 File : nvt/gb_fedora_2011_10426_bugzilla_fc15.nasl |
| 2011-08-22 | Name : Bugzilla Multiple Security Vulnerabilities File : nvt/gb_bugzilla_49042.nasl |
| 2011-08-11 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2559049) File : nvt/secpod_ms11-057.nasl |
| 2011-06-13 | Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability File : nvt/gb_ms_ie_cookie_hijacking_vuln.nasl |
| 2011-06-13 | Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability File : nvt/gb_ms_ie9_cookie_hijacking_vuln.nasl |
| 2011-01-13 | Name : Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerabi... File : nvt/gb_ms08-010.nasl |
| 2009-11-20 | Name : Microsoft Internet Denial Of Service Vulnerability - Nov09 File : nvt/secpod_ms_ie_dos_vuln_nov09.nasl |
| 2009-09-22 | Name : Internet Explorer 'KEYGEN' Element Denial Of Service Vulnerability File : nvt/secpod_ms_ie_keygen_dos_vuln.nasl |
| 2009-09-22 | Name : Microsoft Internet Explorer 'window.print()' DOS Vulnerability File : nvt/secpod_ms_ie_window_print_dos_vuln.nasl |
| 2009-07-22 | Name : Microsoft Internet Explorer Denial Of Service Vulnerability - July09 File : nvt/gb_ms_ie_dos_vuln_jul09.nasl |
| 2009-06-17 | Name : Microsoft Internet Explorer Web Script Execution Vulnerabilites File : nvt/secpod_ms_ie_web_script_exec_vuln_jun09.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer isindex buffer overflow attempt RuleID : 16063 - Type : BROWSER-IE - Revision : 12 |
| 2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access RuleID : 13456 - Type : BROWSER-IE - Revision : 13 |
| 2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX function call access RuleID : 13455 - Type : BROWSER-IE - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access RuleID : 13454 - Type : BROWSER-IE - Revision : 13 |
| 2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access RuleID : 13453 - Type : BROWSER-IE - Revision : 12 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-05-08 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: An application running on the remote host is affected by multiple vulnerabili... File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: The remote host contains an application that is affected by multiple vulnerab... File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2011-10-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2322.nasl - Type: ACT_GATHER_INFO |
| 2011-10-11 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201110-03.nasl - Type: ACT_GATHER_INFO |
| 2011-08-23 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10399.nasl - Type: ACT_GATHER_INFO |
| 2011-08-20 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10413.nasl - Type: ACT_GATHER_INFO |
| 2011-08-20 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10426.nasl - Type: ACT_GATHER_INFO |
| 2011-08-15 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl - Type: ACT_GATHER_INFO |
| 2011-08-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms11-057.nasl - Type: ACT_GATHER_INFO |
| 2008-02-12 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms08-010.nasl - Type: ACT_GATHER_INFO |
