Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 1999-12-08 |
| Product | Internet Explorer | Last view | 2013-06-28 |
| Version | 4.71.1008.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:internet_explorer | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2013-06-28 | CVE-2013-3649 | Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
| 4.3 | 2013-06-28 | CVE-2013-3648 | Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
| 5 | 2011-12-07 | CVE-2010-5071 | The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
| 4.3 | 2011-12-07 | CVE-2002-2435 | The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. |
| 4.3 | 2011-08-09 | CVE-2011-2379 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. |
| 4.3 | 2011-06-03 | CVE-2011-2383 | Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. |
| 4.3 | 2011-06-03 | CVE-2011-2382 | Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. |
| 4.3 | 2011-05-23 | CVE-2011-1765 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587. |
| 4.3 | 2011-04-26 | CVE-2011-1587 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. |
| 4.3 | 2011-04-26 | CVE-2011-1578 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. |
| 5 | 2009-11-16 | CVE-2009-3943 | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. |
| 5 | 2009-09-18 | CVE-2009-3270 | Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. |
| 5 | 2009-09-18 | CVE-2009-3267 | Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. |
| 5 | 2009-08-24 | CVE-2009-2954 | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. |
| 5 | 2009-07-22 | CVE-2009-2576 | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. |
| 4.3 | 2009-07-20 | CVE-2009-2536 | Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. |
| 5.8 | 2009-06-15 | CVE-2009-2069 | Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. |
| 6.8 | 2009-06-15 | CVE-2009-2064 | Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." |
| 5.8 | 2009-06-15 | CVE-2009-2057 | Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. |
| 7.5 | 2007-10-14 | CVE-2007-5456 | Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism. |
| 9.3 | 2007-03-29 | CVE-2007-1765 | Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. |
| 5 | 2007-02-22 | CVE-2006-7031 | Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. |
| 5 | 2007-02-22 | CVE-2006-7029 | Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. |
| 9.3 | 2006-12-12 | CVE-2006-5581 | Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." |
| 2.6 | 2006-12-12 | CVE-2006-5578 | Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 26% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 13% (3) | CWE-287 | Improper Authentication |
| 13% (3) | CWE-20 | Improper Input Validation |
| 8% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 8% (2) | CWE-399 | Resource Management Errors |
| 8% (2) | CWE-200 | Information Exposure |
| 8% (2) | CWE-88 | Argument Injection or Modification |
| 4% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 4% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 4% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CAPEC-88 | OS Command Injection |
| CAPEC-133 | Try All Common Application Switches and Options |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77606 | Microsoft IE JavaScript Implementation getComputedStyle Method Page Handling ... |
| 74619 | MediaWiki URI Query String %2E Sequence XSS |
| 74297 | Bugzilla Patch Attachment Raw Unified Viewing Mode XSS |
| 72724 | Microsoft IE Cookie Jacking Account Authentication Bypass |
| 60198 | Microsoft IE DHTML Property setHomePage Method JavaScript Loop Remote DoS |
| 58788 | Microsoft IE Crafted File Extension Download Security Warning Bypass |
| 58399 | Microsoft IE window.print Function Loop Remote DoS |
| 58397 | Microsoft IE Auto Form Submission KEYGEN Element Remote DoS |
| 57506 | Microsoft IE location.hash Javascript Handling Remote DoS |
| 57113 | Microsoft IE Extended HTML Form Non-HTTP Protocol XSS |
| 56489 | Microsoft IE Proxy Server CONNECT Response Cached Certificate Use MiTM HTTPS ... |
| 56485 | Microsoft IE iFrame HTTP / HTTPS Content Detection Weakness |
| 56323 | Microsoft IE Write Method Unicode String Argument Handling Remote DoS |
| 56254 | Microsoft IE Select Object Length Property Handling Memory Consumption DoS |
| 55129 | Microsoft IE HTTP Host Header Proxy Server CONNECT Response Document Context ... |
| 45441 | Microsoft IE IObjectSafety CLSID_ApprenticeICW ActiveX Control COM Object Cre... |
| 45260 | Microsoft IE Malformed Table Element CSS Attribute Handling DoS |
| 43521 | Microsoft IE CSS :visited Attribute Browser History Disclosure |
| 41041 | Microsoft IE Mouse Click self.resizeTo DoS |
| 33629 | Microsoft IE Animated Cursor (.ani) Handling Arbitrary Command Execution |
| 31325 | Microsoft IE HTML Frame Tag Invalid src Attribute DoS |
| 30816 | Microsoft IE TIF Folder Cached Content Information Disclosure |
| 30815 | Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure |
| 30814 | Microsoft IE DHTML Script Function Memory Corruption |
| 28614 | Microsoft IE input/div Tag width Conflict DoS |
ExploitDB Exploits
| id | Description |
|---|---|
| 3652 | MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP) |
| 3617 | MS Windows Animated Cursor (.ANI) Stack Overflow Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-04-02 | Name : Fedora Update for bugzilla FEDORA-2011-10399 File : nvt/gb_fedora_2011_10399_bugzilla_fc16.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-03 (bugzilla) File : nvt/glsa_201110_03.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2366-1 (mediawiki) File : nvt/deb_2366_1.nasl |
| 2011-12-09 | Name : Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities File : nvt/gb_ms_ie_mult_info_disc_vuln.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2322-1 (bugzilla) File : nvt/deb_2322_1.nasl |
| 2011-09-21 | Name : FreeBSD Ports: bugzilla File : nvt/freebsd_bugzilla13.nasl |
| 2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10413 File : nvt/gb_fedora_2011_10413_bugzilla_fc14.nasl |
| 2011-08-24 | Name : Fedora Update for bugzilla FEDORA-2011-10426 File : nvt/gb_fedora_2011_10426_bugzilla_fc15.nasl |
| 2011-08-22 | Name : Bugzilla Multiple Security Vulnerabilities File : nvt/gb_bugzilla_49042.nasl |
| 2011-08-11 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2559049) File : nvt/secpod_ms11-057.nasl |
| 2011-06-13 | Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability File : nvt/gb_ms_ie_cookie_hijacking_vuln.nasl |
| 2011-06-13 | Name : Microsoft Internet Explorer Cookie Hijacking Vulnerability File : nvt/gb_ms_ie9_cookie_hijacking_vuln.nasl |
| 2011-06-02 | Name : MediaWiki Cross-Site Scripting Vulnerability File : nvt/secpod_mediawiki_xss_vuln.nasl |
| 2011-05-23 | Name : Fedora Update for mediawiki FEDORA-2011-6775 File : nvt/gb_fedora_2011_6775_mediawiki_fc13.nasl |
| 2011-05-23 | Name : Fedora Update for mediawiki FEDORA-2011-6774 File : nvt/gb_fedora_2011_6774_mediawiki_fc14.nasl |
| 2011-05-05 | Name : Fedora Update for mediawiki FEDORA-2011-5812 File : nvt/gb_fedora_2011_5812_mediawiki_fc14.nasl |
| 2011-05-05 | Name : Fedora Update for mediawiki FEDORA-2011-5807 File : nvt/gb_fedora_2011_5807_mediawiki_fc13.nasl |
| 2009-11-20 | Name : Microsoft Internet Denial Of Service Vulnerability - Nov09 File : nvt/secpod_ms_ie_dos_vuln_nov09.nasl |
| 2009-09-22 | Name : Internet Explorer 'KEYGEN' Element Denial Of Service Vulnerability File : nvt/secpod_ms_ie_keygen_dos_vuln.nasl |
| 2009-09-22 | Name : Microsoft Internet Explorer 'window.print()' DOS Vulnerability File : nvt/secpod_ms_ie_window_print_dos_vuln.nasl |
| 2009-08-26 | Name : Microsoft Internet Explorer 'location.hash' DOS Vulnerability File : nvt/secpod_ms_ie_location_hash_dos_vuln.nasl |
| 2009-07-23 | Name : Microsoft Internet Explorer Unicode String DoS Vulnerability File : nvt/secpod_ms_ie_unicode_str_dos_vuln.nasl |
| 2009-07-22 | Name : Microsoft Internet Explorer Denial Of Service Vulnerability - July09 File : nvt/gb_ms_ie_dos_vuln_jul09.nasl |
| 2009-06-17 | Name : Microsoft Internet Explorer Web Script Execution Vulnerabilites File : nvt/secpod_ms_ie_web_script_exec_vuln_jun09.nasl |
| 2005-11-03 | Name : Bugbear worm File : nvt/bugbear.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 4155 - Type : BROWSER-PLUGINS - Revision : 20 |
| 2014-01-10 | Microsoft Internet Explorer spoofed MIME-Type auto-execution attempt RuleID : 3683 - Type : BROWSER-IE - Revision : 13 |
| 2014-01-10 | spoofed MIME-Type auto-execution attempt RuleID : 3682 - Type : SERVER-MAIL - Revision : 11 |
| 2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079-community - Type : BROWSER-IE - Revision : 25 |
| 2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079 - Type : BROWSER-IE - Revision : 25 |
| 2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 28272 - Type : BROWSER-PLUGINS - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-05-08 | Name: The remote host contains an application that is affected by multiple vulnerab... File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: An application running on the remote host is affected by multiple vulnerabili... File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2012-01-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2366.nasl - Type: ACT_GATHER_INFO |
| 2011-10-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2322.nasl - Type: ACT_GATHER_INFO |
| 2011-10-11 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201110-03.nasl - Type: ACT_GATHER_INFO |
| 2011-08-23 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10399.nasl - Type: ACT_GATHER_INFO |
| 2011-08-20 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10413.nasl - Type: ACT_GATHER_INFO |
| 2011-08-20 | Name: The remote Fedora host is missing a security update. File: fedora_2011-10426.nasl - Type: ACT_GATHER_INFO |
| 2011-08-15 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_dc8741b9c5d511e08a8e00151735203a.nasl - Type: ACT_GATHER_INFO |
| 2011-08-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms11-057.nasl - Type: ACT_GATHER_INFO |
| 2011-05-23 | Name: The remote Fedora host is missing a security update. File: fedora_2011-6774.nasl - Type: ACT_GATHER_INFO |
| 2011-05-23 | Name: The remote Fedora host is missing a security update. File: fedora_2011-6775.nasl - Type: ACT_GATHER_INFO |
| 2011-05-19 | Name: The remote Fedora host is missing a security update. File: fedora_2011-6781.nasl - Type: ACT_GATHER_INFO |
| 2011-05-02 | Name: The remote Fedora host is missing a security update. File: fedora_2011-5807.nasl - Type: ACT_GATHER_INFO |
| 2011-05-02 | Name: The remote Fedora host is missing a security update. File: fedora_2011-5812.nasl - Type: ACT_GATHER_INFO |
| 2011-04-27 | Name: The remote Fedora host is missing a security update. File: fedora_2011-5848.nasl - Type: ACT_GATHER_INFO |
| 2011-04-22 | Name: The remote Fedora host is missing a security update. File: fedora_2011-5495.nasl - Type: ACT_GATHER_INFO |
| 2011-04-15 | Name: The remote web server hosts a version of MediaWiki that is affected by a cros... File: mediawiki_1_16_4.nasl - Type: ACT_ATTACK |
| 2007-04-03 | Name: Arbitrary code can be executed on the remote host through the email client or... File: smb_nt_ms07-017.nasl - Type: ACT_GATHER_INFO |
| 2006-12-12 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms06-072.nasl - Type: ACT_GATHER_INFO |
| 2006-06-13 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms06-021.nasl - Type: ACT_GATHER_INFO |
| 2002-10-03 | Name: The remote host has been compromised. File: bugbear.nasl - Type: ACT_GATHER_INFO |
