This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2001-10-30
Product Ie Last view 2009-07-22
Version 5.2.3 Type Application
Update *  
Edition macintosh  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:ie

Activity : Overall

Related : CVE

  Date Alert Description
5 2009-07-22 CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

2.6 2006-12-12 CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.

4.3 2006-12-12 CVE-2006-5577

Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.

5 2006-09-19 CVE-2006-4888

Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

7.5 2006-04-11 CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

5 2005-07-05 CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

7.5 2004-12-31 CVE-2004-1155

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

7.5 2001-10-30 CVE-2001-0667

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.

7.5 2001-10-30 CVE-2001-0665

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-399 Resource Management Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

SAINT Exploits

Description Link
Internet Explorer Javaprxy.dll heap overflow More info here

Open Source Vulnerability Database (OSVDB)

id Description
56323 Microsoft IE Write Method Unicode String Argument Handling Remote DoS
30816 Microsoft IE TIF Folder Cached Content Information Disclosure
30815 Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure
28614 Microsoft IE input/div Tag width Conflict DoS
24545 Microsoft IE HTML Element Crafted Tag Arbitrary Code Execution
17680 Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution
12313 Microsoft IE Cross-domain Browser Window Injection Content Spoofing
5563 Microsoft IE Telnet Client SFU Arbitrary Command Execution
1972 Microsoft IE HTTP Request Encoding

OpenVAS Exploits

id Description
2009-07-23 Name : Microsoft Internet Explorer Unicode String DoS Vulnerability
File : nvt/secpod_ms_ie_unicode_str_dos_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 javaprxy.dll ActiveX clsid unicode access
RuleID : 9628 - Type : WEB-ACTIVEX - Revision : 7
2017-08-15 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 43551 - Type : BROWSER-IE - Revision : 1
2017-08-15 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 43550 - Type : BROWSER-IE - Revision : 1
2014-01-10 Microsoft Internet Explorer javaprxy.dll COM access
RuleID : 3814 - Type : BROWSER-IE - Revision : 19
2016-03-14 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 37423 - Type : BROWSER-IE - Revision : 3
2014-01-10 Multiple web browser window injection attempt
RuleID : 20743 - Type : BROWSER-OTHER - Revision : 5
2014-01-10 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 18306 - Type : BROWSER-IE - Revision : 5
2014-01-10 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 18305 - Type : BROWSER-IE - Revision : 7
2014-01-10 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 18304 - Type : BROWSER-IE - Revision : 8
2014-01-10 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 17580 - Type : BROWSER-IE - Revision : 13
2014-01-10 Microsoft Internet Explorer html tag memory corruption attempt
RuleID : 16043 - Type : BROWSER-IE - Revision : 8

Nessus® Vulnerability Scanner

id Description
2006-12-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-072.nasl - Type: ACT_GATHER_INFO
2006-04-11 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-013.nasl - Type: ACT_GATHER_INFO
2005-07-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-037.nasl - Type: ACT_GATHER_INFO