This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Ie
Version: 6
Update: windows_server_2003_sp1
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2001-10-30
Last view: 2011-12-07

CPE Product: cpe:2.3:a:microsoft:ie

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5 2011-12-07 CVE-2010-5071

The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

4.3 2011-12-07 CVE-2002-2435

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3 2011-08-09 CVE-2011-2379

Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.

4.3 2011-06-03 CVE-2011-2383

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

4.3 2011-06-03 CVE-2011-2382

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

4.3 2011-05-23 CVE-2011-1765

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.

4.3 2011-04-26 CVE-2011-1587

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.

4.3 2011-04-26 CVE-2011-1578

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.

5 2009-08-24 CVE-2009-2954

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

5 2009-07-22 CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

9.3 2008-04-08 CVE-2008-1085

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

9.3 2008-02-12 CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

9.3 2008-02-12 CVE-2008-0076

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

7.5 2007-10-14 CVE-2007-5456

Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.

9.3 2007-03-29 CVE-2007-1765

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

5 2007-03-02 CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

5 2007-02-22 CVE-2006-7031

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

5 2007-02-22 CVE-2006-7029

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.

9.3 2006-12-12 CVE-2006-5581

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."

2.6 2006-12-12 CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.

4.3 2006-12-12 CVE-2006-5577

Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.

5 2006-12-06 CVE-2006-6310

Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

7.5 2006-11-14 CVE-2006-5884

Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.

5.1 2006-11-14 CVE-2006-4687

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5 2006-10-05 CVE-2006-5162

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

CWE : Common Weakness Enumeration

% id Name
23% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
23% (5) CWE-20 Improper Input Validation
19% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
14% (3) CWE-200 Information Exposure
9% (2) CWE-399 Resource Management Errors
4% (1) CWE-264 Permissions, Privileges, and Access Controls
4% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

SAINT Exploits

Description
Internet Explorer Javaprxy.dll heap overflow
Internet Explorer COM object instantiation vulnerability

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77606 Microsoft IE JavaScript Implementation getComputedStyle Method Page Handling ...
74619 MediaWiki URI Query String %2E Sequence XSS
74297 Bugzilla Patch Attachment Raw Unified Viewing Mode XSS
72724 Microsoft IE Cookie Jacking Account Authentication Bypass
58788 Microsoft IE Crafted File Extension Download Security Warning Bypass
57506 Microsoft IE location.hash Javascript Handling Remote DoS
57113 Microsoft IE Extended HTML Form Non-HTTP Protocol XSS
56323 Microsoft IE Write Method Unicode String Argument Handling Remote DoS
45441 Microsoft IE IObjectSafety CLSID_ApprenticeICW ActiveX Control COM Object Cre...
45260 Microsoft IE Malformed Table Element CSS Attribute Handling DoS
45259 Microsoft IE mshtml.dll Malformed IFRAME XML File / XSL Stylesheet Handling DoS
44205 Microsoft IE Data Stream Handling Memory Corruption
43521 Microsoft IE CSS :visited Attribute Browser History Disclosure
41467 Microsoft IE Image Processing Argument Validation Unspecified Memory Corruption
41465 Microsoft IE HTML Layout Rendering Unspecified Memory Corruption
41041 Microsoft IE Mouse Click self.resizeTo DoS
33629 Microsoft IE Animated Cursor (.ani) Handling Arbitrary Command Execution
31332 Microsoft IE Scrollbar CSS Property DoS
31329 Microsoft IE DNS Pinning Intranet Server Arbitrary Javascript Execution
31325 Microsoft IE HTML Frame Tag Invalid src Attribute DoS
31324 Microsoft IE DirectAnimation ActiveX Multiple Unspecified
31323 Microsoft IE DIV Tag and HTML CSS Float Properties Arbitrary Code Execution
30816 Microsoft IE TIF Folder Cached Content Information Disclosure
30815 Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure
30814 Microsoft IE DHTML Script Function Memory Corruption

ExploitDB Exploits

id Description
3652 MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP)
3617 MS Windows Animated Cursor (.ANI) Stack Overflow Exploit

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for bugzilla FEDORA-2011-10399
File : nvt/gb_fedora_2011_10399_bugzilla_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla)
File : nvt/glsa_201110_03.nasl
2012-02-11 Name : Debian Security Advisory DSA 2366-1 (mediawiki)
File : nvt/deb_2366_1.nasl
2011-12-09 Name : Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
File : nvt/gb_ms_ie_mult_info_disc_vuln.nasl
2011-10-16 Name : Debian Security Advisory DSA 2322-1 (bugzilla)
File : nvt/deb_2322_1.nasl
2011-09-21 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla13.nasl
2011-08-24 Name : Fedora Update for bugzilla FEDORA-2011-10413
File : nvt/gb_fedora_2011_10413_bugzilla_fc14.nasl
2011-08-24 Name : Fedora Update for bugzilla FEDORA-2011-10426
File : nvt/gb_fedora_2011_10426_bugzilla_fc15.nasl
2011-08-22 Name : Bugzilla Multiple Security Vulnerabilities
File : nvt/gb_bugzilla_49042.nasl
2011-08-11 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
File : nvt/secpod_ms11-057.nasl
2011-06-13 Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability
File : nvt/gb_ms_ie_cookie_hijacking_vuln.nasl
2011-06-13 Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability
File : nvt/gb_ms_ie9_cookie_hijacking_vuln.nasl
2011-06-02 Name : MediaWiki Cross-Site Scripting Vulnerability
File : nvt/secpod_mediawiki_xss_vuln.nasl
2011-05-23 Name : Fedora Update for mediawiki FEDORA-2011-6775
File : nvt/gb_fedora_2011_6775_mediawiki_fc13.nasl
2011-05-23 Name : Fedora Update for mediawiki FEDORA-2011-6774
File : nvt/gb_fedora_2011_6774_mediawiki_fc14.nasl
2011-05-05 Name : Fedora Update for mediawiki FEDORA-2011-5812
File : nvt/gb_fedora_2011_5812_mediawiki_fc14.nasl
2011-05-05 Name : Fedora Update for mediawiki FEDORA-2011-5807
File : nvt/gb_fedora_2011_5807_mediawiki_fc13.nasl
2011-01-13 Name : Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerabi...
File : nvt/gb_ms08-010.nasl
2011-01-10 Name : Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulner...
File : nvt/gb_ms08-024.nasl
2009-08-26 Name : Microsoft Internet Explorer 'location.hash' DOS Vulnerability
File : nvt/secpod_ms_ie_location_hash_dos_vuln.nasl
2009-07-23 Name : Microsoft Internet Explorer Unicode String DoS Vulnerability
File : nvt/secpod_ms_ie_unicode_str_dos_vuln.nasl
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 javaprxy.dll ActiveX clsid unicode access
RuleID : 9628 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Windows MMC createcab.cmd cross site scripting attempt
RuleID : 7424 - Type : OS-WINDOWS - Revision : 8
2014-01-10 Microsoft Windows MMC mmc.exe cross site scripting attempt
RuleID : 7423 - Type : OS-WINDOWS - Revision : 8
2014-01-10 Microsoft Windows MMC mmcndmgr.dll cross site scripting attempt
RuleID : 7422 - Type : OS-WINDOWS - Revision : 8
2014-01-10 Microsoft DT DDS OrgChart GDD Route ActiveX object access
RuleID : 6008 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Internet Explorer DT DDS OrgChart GDD Layout ActiveX object access
RuleID : 6007 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Internet Explorer DT Icon Control ActiveX object access
RuleID : 6006 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Internet Explorer DT DDS Straight Line Routing Logic 2 ActiveX obje...
RuleID : 6005 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Internet Explorer DT DDS Circular Auto Layout Logic 2 ActiveX objec...
RuleID : 6004 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Internet Explorer DT DDS Rectilinear GDD Route ActiveX object access
RuleID : 6003 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Internet Explorer DT DDS Rectilinear GDD Layout ActiveX object access
RuleID : 6002 - Type : BROWSER-PLUGINS - Revision : 12
2017-08-15 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 43551 - Type : BROWSER-IE - Revision : 1
2017-08-15 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 43550 - Type : BROWSER-IE - Revision : 1
2014-01-10 Microsoft Internet Explorer JPEG heap overflow multipacket attempt
RuleID : 4136 - Type : WEB-CLIENT - Revision : 13
2014-01-10 Microsoft Internet Explorer JPEG rendering buffer overflow attempt
RuleID : 4135 - Type : BROWSER-IE - Revision : 23
2014-01-10 Microsoft Internet Explorer javaprxy.dll COM access
RuleID : 3814 - Type : BROWSER-IE - Revision : 19
2016-03-14 Microsoft Internet Explorer span tag memory corruption attempt
RuleID : 37423 - Type : BROWSER-IE - Revision : 3
2014-01-10 Microsoft Internet Explorer ANI file parsing buffer overflow attempt
RuleID : 3079-community - Type : BROWSER-IE - Revision : 25
2014-01-10 Microsoft Internet Explorer ANI file parsing buffer overflow attempt
RuleID : 3079 - Type : BROWSER-IE - Revision : 25
2014-02-08 Microsoft Internet Explorer clbcatq.dll ActiveX clsid access
RuleID : 29256 - Type : BROWSER-PLUGINS - Revision : 2
2014-02-08 Microsoft Internet Explorer clbcatex.dll ActiveX clsid access
RuleID : 29255 - Type : BROWSER-PLUGINS - Revision : 2
2014-02-08 Microsoft Internet Explorer WaveOut and DSound Class Manager ActiveX clsid ac...
RuleID : 29254 - Type : BROWSER-PLUGINS - Revision : 2
2014-02-08 Microsoft Internet Explorer WIA FileSystem USD ActiveX clsid access
RuleID : 29252 - Type : BROWSER-PLUGINS - Revision : 2
2014-02-08 Microsoft Internet Explorer WDM Instance Provider ActiveX clsid access
RuleID : 29251 - Type : BROWSER-PLUGINS - Revision : 2
2014-02-08 Microsoft Internet Explorer Video Effect Class Manager 2 Input ActiveX clsid ...
RuleID : 29250 - Type : BROWSER-PLUGINS - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2366.nasl - Type: ACT_GATHER_INFO
2011-10-11 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201110-03.nasl - Type: ACT_GATHER_INFO
2011-10-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2322.nasl - Type: ACT_GATHER_INFO
2011-08-23 Name: The remote Fedora host is missing a security update.
File: fedora_2011-10399.nasl - Type: ACT_GATHER_INFO
2011-08-20 Name: The remote Fedora host is missing a security update.
File: fedora_2011-10413.nasl - Type: ACT_GATHER_INFO
2011-08-20 Name: The remote Fedora host is missing a security update.
File: fedora_2011-10426.nasl - Type: ACT_GATHER_INFO
2011-08-15 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl - Type: ACT_GATHER_INFO
2011-08-09 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms11-057.nasl - Type: ACT_GATHER_INFO
2011-05-23 Name: The remote Fedora host is missing a security update.
File: fedora_2011-6774.nasl - Type: ACT_GATHER_INFO
2011-05-23 Name: The remote Fedora host is missing a security update.
File: fedora_2011-6775.nasl - Type: ACT_GATHER_INFO
2011-05-19 Name: The remote Fedora host is missing a security update.
File: fedora_2011-6781.nasl - Type: ACT_GATHER_INFO
2011-05-02 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5807.nasl - Type: ACT_GATHER_INFO
2011-05-02 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5812.nasl - Type: ACT_GATHER_INFO
2011-04-27 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5848.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5495.nasl - Type: ACT_GATHER_INFO
2011-04-15 Name: The remote web server hosts a version of MediaWiki that is affected by a cros...
File: mediawiki_1_16_4.nasl - Type: ACT_ATTACK
2008-04-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms08-024.nasl - Type: ACT_GATHER_INFO
2008-02-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms08-010.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-535-1.nasl - Type: ACT_GATHER_INFO
2007-04-03 Name: Arbitrary code can be executed on the remote host through the email client or...
File: smb_nt_ms07-017.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-143.nasl - Type: ACT_GATHER_INFO
2006-12-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-072.nasl - Type: ACT_GATHER_INFO
2006-11-14 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-067.nasl - Type: ACT_GATHER_INFO
2006-08-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-042.nasl - Type: ACT_GATHER_INFO
2006-08-08 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms06-044.nasl - Type: ACT_GATHER_INFO