Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2012-12-11 |
| Product | Internet Explorer | Last view | 2020-02-11 |
| Version | 10 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:internet_explorer | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2020-02-11 | CVE-2020-0706 | An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. |
| 7.5 | 2020-02-11 | CVE-2020-0674 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. |
| 7.5 | 2020-02-11 | CVE-2020-0673 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. |
| 7.5 | 2020-01-14 | CVE-2020-0640 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. |
| 7.5 | 2019-12-10 | CVE-2019-1485 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. |
| 7.5 | 2019-11-12 | CVE-2019-1429 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. |
| 7.5 | 2019-11-12 | CVE-2019-1390 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. |
| 7.5 | 2019-10-10 | CVE-2019-1371 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. |
| 4.3 | 2019-10-10 | CVE-2019-1357 | A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. |
| 6.4 | 2019-10-10 | CVE-2019-1238 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. |
| 4.3 | 2019-10-10 | CVE-2019-0608 | A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. |
| 7.5 | 2019-09-23 | CVE-2019-1367 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. |
| 4.3 | 2019-09-11 | CVE-2019-1220 | A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. |
| 7.5 | 2019-09-11 | CVE-2019-1208 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. |
| 7.5 | 2019-08-14 | CVE-2019-1194 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133. |
| 7.5 | 2019-08-14 | CVE-2019-1193 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. |
| 4.3 | 2019-08-14 | CVE-2019-1192 | A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'. |
| 7.5 | 2019-08-14 | CVE-2019-1133 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1194. |
| 7.5 | 2019-07-15 | CVE-2019-1104 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1063 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1059 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056. |
| 7.5 | 2019-07-15 | CVE-2019-1004 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059. |
| 6.5 | 2019-06-12 | CVE-2019-1081 | An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'. |
| 7.5 | 2019-06-12 | CVE-2019-1080 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055. |
| 7.5 | 2019-06-12 | CVE-2019-1055 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 51% (306) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (75) | CWE-399 | Resource Management Errors |
| 9% (59) | CWE-787 | Out-of-bounds Write |
| 9% (59) | CWE-200 | Information Exposure |
| 5% (32) | CWE-264 | Permissions, Privileges, and Access Controls |
| 2% (14) | CWE-20 | Improper Input Validation |
| 2% (12) | CWE-416 | Use After Free |
| 2% (12) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (9) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 0% (2) | CWE-290 | Authentication Bypass by Spoofing |
| 0% (2) | CWE-284 | Access Control (Authorization) Issues |
| 0% (2) | CWE-254 | Security Features |
| 0% (1) | CWE-425 | Direct Request ('Forced Browsing') |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-310 | Cryptographic Issues |
| 0% (1) | CWE-269 | Improper Privilege Management |
| 0% (1) | CWE-88 | Argument Injection or Modification |
| 0% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 0% (1) | CWE-19 | Data Handling |
SAINT Exploits
| Description | Link |
|---|---|
| Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability | More info here |
| Internet Explorer CMarkup Object Handling Use-after-free Vulnerability | More info here |
| Internet Explorer VML Dashstyle Attributes Integer Overflow | More info here |
| Internet Explorer Use-After-Free Memory Corruption (MS13-055) | More info here |
| Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability | More info here |
| Internet Explorer CDisplayPointer Object onpropertychange Use-After-Free | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 33893 | MS13-097 Registry Symlink IE Sandbox Escape |
| 32904 | MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free |
| 32851 | MS14-012 Internet Explorer CMarkup Use-After-Free |
| 28974 | MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free |
| 28682 | Micorosft Internet Explorer SetMouseCapture Use-After-Free |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-12 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2761465) File : nvt/secpod_ms12-077.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0211 | Cumulative Security Update for Microsoft Edge (MS15-095) Severity: Category II - VMSKEY: V0061383 |
| 2015-A-0210 | Cumulative Security Update for Microsoft Internet Explorer (MS15-094) Severity: Category II - VMSKEY: V0061381 |
| 2015-A-0189 | Cumulative Security Update for Microsoft Edge (MS15-091) Severity: Category II - VMSKEY: V0061317 |
| 2015-A-0197 | Microsoft Command Line Parameter Information Disclosure Vulnerability (MS15-088) Severity: Category II - VMSKEY: V0061313 |
| 2015-A-0194 | Multiple Vulnerabilities in Microsoft Office (MS15-081) Severity: Category II - VMSKEY: V0061307 |
| 2015-A-0188 | Cumulative Security Update for Microsoft Internet Explorer (MS15-079) Severity: Category I - VMSKEY: V0061297 |
| 2015-A-0110 | Microsoft VBScript ASLR Security Bypass Vulnerabilities (MS15-053) Severity: Category II - VMSKEY: V0060657 |
| 2014-A-0094 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0052947 |
| 2014-A-0079 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0052493 |
| 2014-A-0072 | Multiple Vulnerabilities in Microsoft Internet Explorer Severity: Category I - VMSKEY: V0050435 |
| 2014-A-0065 | Microsoft Internet Explorer Memory Corruption Vulnerability Severity: Category I - VMSKEY: V0050205 |
| 2014-A-0037 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0046163 |
| 2014-A-0023 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0044038 |
| 2014-A-0025 | Microsoft VBScript Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0044034 |
| 2013-A-0223 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0042584 |
| 2013-A-0215 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0042296 |
| 2013-A-0188 | Cumulative Security Update for Microsoft Internet Explorer Severity: Category I - VMSKEY: V0040759 |
| 2013-A-0177 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0040288 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-07-30 | Microsoft Internet Explorer JavaScript engine memory corruption attempt RuleID : 54400 - Type : BROWSER-IE - Revision : 1 |
| 2020-07-30 | Microsoft Internet Explorer JavaScript engine memory corruption attempt RuleID : 54399 - Type : BROWSER-IE - Revision : 1 |
| 2020-03-24 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 53151 - Type : BROWSER-IE - Revision : 1 |
| 2020-03-24 | Microsoft Internet Explorer onscroll use after free attempt RuleID : 53150 - Type : BROWSER-IE - Revision : 1 |
| 2020-03-03 | Microsoft Internet Explorer improper copy buffer access information disclosur... RuleID : 52985 - Type : BROWSER-IE - Revision : 1 |
| 2020-03-03 | Microsoft Internet Explorer improper copy buffer access information disclosur... RuleID : 52984 - Type : BROWSER-IE - Revision : 1 |
| 2020-01-09 | Microsoft Edge VBScript SafeArray memory corruption attempt RuleID : 52403 - Type : BROWSER-IE - Revision : 1 |
| 2020-01-09 | Microsoft Edge VBScript SafeArray memory corruption attempt RuleID : 52402 - Type : BROWSER-IE - Revision : 1 |
| 2019-12-17 | Microsoft Internet Explorer scripting engine memory corruption attempt RuleID : 52240 - Type : BROWSER-IE - Revision : 2 |
| 2019-12-17 | Microsoft Internet Explorer scripting engine memory corruption attempt RuleID : 52239 - Type : BROWSER-IE - Revision : 2 |
| 2019-11-19 | Microsoft Internet Explorer ActiveX type confusion attempt RuleID : 51944 - Type : BROWSER-IE - Revision : 1 |
| 2019-11-19 | Microsoft Internet Explorer ActiveX type confusion attempt RuleID : 51943 - Type : BROWSER-IE - Revision : 1 |
| 2019-11-12 | Microsoft Edge VBScript engine memory corruption attempt RuleID : 51792 - Type : BROWSER-IE - Revision : 1 |
| 2019-11-12 | Microsoft Edge VBScript engine memory corruption attempt RuleID : 51791 - Type : BROWSER-IE - Revision : 1 |
| 2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51224 - Type : FILE-OTHER - Revision : 1 |
| 2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51223 - Type : FILE-OTHER - Revision : 1 |
| 2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51222 - Type : FILE-FLASH - Revision : 1 |
| 2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51221 - Type : FILE-FLASH - Revision : 1 |
| 2019-08-08 | Microsoft Edge memory corruption attempt RuleID : 50669 - Type : BROWSER-IE - Revision : 1 |
| 2019-08-08 | Microsoft Edge memory corruption attempt RuleID : 50668 - Type : BROWSER-IE - Revision : 1 |
| 2019-08-08 | Microsoft Edge scripting engine memory corruption attempt RuleID : 50667 - Type : BROWSER-IE - Revision : 1 |
| 2019-08-08 | Microsoft Edge scripting engine memory corruption attempt RuleID : 50666 - Type : BROWSER-IE - Revision : 1 |
| 2019-07-11 | Microsoft Edge memory corruption attempt RuleID : 50406 - Type : BROWSER-IE - Revision : 1 |
| 2019-07-11 | Microsoft Edge memory corruption attempt RuleID : 50405 - Type : BROWSER-IE - Revision : 1 |
| 2019-07-11 | Microsoft Edge memory corruption attempt RuleID : 50398 - Type : BROWSER-IE - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4053578.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4053579.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4053580.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4053581.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4054517.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4054518.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4054519.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_dec_4054520.nasl - Type: ACT_GATHER_INFO |
| 2017-12-12 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_dec_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_apr_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_aug_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_jul_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_jun_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_may_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_nov_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_oct_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The Internet Explorer installation on the remote host is affected by multiple... File: smb_nt_ms17_sep_internet_explorer.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048952.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048953.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048954.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048955.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048956.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048957.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048958.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_nov_4048959.nasl - Type: ACT_GATHER_INFO |
