Microsoft: >> Ie >> 6 Security Vulnerabilities
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
CVSS Score
5.0
EPSS Score
0.367
Published
2006-08-09
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
CVSS Score
6.0
EPSS Score
0.28
Published
2006-08-09
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.642
Published
2006-08-08
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVSS Score
5.1
EPSS Score
0.773
Published
2006-08-08
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
CVSS Score
2.6
EPSS Score
0.383
Published
2006-07-31
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.432
Published
2006-07-31
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
CVSS Score
5.0
EPSS Score
0.302
Published
2006-07-18
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
CVSS Score
5.0
EPSS Score
0.305
Published
2006-07-18
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
CVSS Score
5.0
EPSS Score
0.304
Published
2006-07-18
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.411
Published
2006-07-06