CVE-2007-3902
- EPSS 35.51%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:43:00
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property o...
CVE-2007-3903
- EPSS 31.28%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:43:00
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-...
CVE-2007-5344
- EPSS 27.48%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:45:56
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption...
CVE-2007-5347
- EPSS 28.03%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:45:56
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
CVE-2007-5355
- EPSS 16.63%
- Veröffentlicht 05.12.2007 11:46:00
- Zuletzt bearbeitet 16.06.2026 22:45:57
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS doma...
CVE-2007-5456
- EPSS 19.89%
- Veröffentlicht 14.10.2007 18:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:11
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, ...
CVE-2007-3896
- EPSS 53.83%
- Veröffentlicht 11.10.2007 00:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:59
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as de...
CVE-2007-3892
- EPSS 25.57%
- Veröffentlicht 09.10.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:58
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
CVE-2007-3893
- EPSS 24.18%
- Veröffentlicht 09.10.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:59
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
CVE-2007-5277
- EPSS 9.71%
- Veröffentlicht 08.10.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:48
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been e...