CVE-2008-5553
- EPSS 11.57%
- Veröffentlicht 12.12.2008 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:00:32
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header a...
CVE-2008-5554
- EPSS 14.51%
- Veröffentlicht 12.12.2008 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:00:32
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attack...
CVE-2008-5555
- EPSS 12.53%
- Veröffentlicht 12.12.2008 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:00:32
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain...
CVE-2008-5556
- EPSS 11.22%
- Veröffentlicht 12.12.2008 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:00:32
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attack...
CVE-2008-4844
- EPSS 66.51%
- Veröffentlicht 11.12.2008 15:30:00
- Zuletzt bearbeitet 16.06.2026 22:58:38
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)...
CVE-2008-4258
- EPSS 17.84%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:30
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Paramet...
CVE-2008-4259
- EPSS 32.66%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:30
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file wit...
CVE-2008-4260
- EPSS 19.38%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:30
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2008-4261
- EPSS 29.71%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:30
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers t...
CVE-2008-4029
- EPSS 26.74%
- Veröffentlicht 12.11.2008 23:30:01
- Zuletzt bearbeitet 16.06.2026 22:57:01
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external...